https://github.com/curbengh/splunk-scripts

Mirror of https://gitlab.com/curben/splunk-scripts
https://github.com/curbengh/splunk-scripts

Last synced: about 2 months ago
JSON representation

Mirror of https://gitlab.com/curben/splunk-scripts

• Host: GitHub
• URL: https://github.com/curbengh/splunk-scripts
• Owner: curbengh
• License: cc0-1.0
• Created: 2023-01-28T04:45:59.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2025-04-06T12:00:42.000Z (2 months ago)
• Last Synced: 2025-04-06T12:28:07.463Z (2 months ago)
• Language: Python
• Size: 293 KB
• Stars: 2
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

README

        
# Splunk add-ons, patches and setup scripts

## Packaging Splunk apps

`python build.py -d path/to/app-folder -o path/to/output-folder`

[build.py](./build.py) is necessary to remove execute permission from all files. Splunk Cloud will reject any app that contains files with execute permission, except for the "bin/" folder. Some folders have custom build.py to build patched add-on.

## [export-cloudflare](./export-cloudflare/)

Export Cloudflare DNS records to Splunk

## [nmap](./nmap/)

Run nmap port scanner and ingest the XML result into Splunk.

## [setup](./setup/)

Splunk Enterprise setup.

## [universal-forwarder](./universal-forwarder/)

Universal Forwarder setup.

## [updateiplocation](./updateiplocation/)

[`iplocation`](https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/Iplocation) bundled database located at "$SPLUNK_HOME/share/GeoLite2-City.mmdb" is only updated in each Splunk release. Use [`updateiplocation`](./updateiplocation/) to manually update it.