This is a Chainkit app for Splunk Enterprise. The app monitors logs indexed in Splunk and detects whether those logs have been tampered with.
- Splunk Enterprise 8.0+
- Splunk Add-on Builder 3.0.1
- Supported on Windows, Linux, MacOS, Solaris, FreeBSD, HP-UX, AIX
https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Installation
tar -czvf ${file_name}.tar.gz ${path}/-chainkit
- Navigate to the Splunk Add-on Builder.
- Click Import Project.
- Go to Configuration in the Chainkit app.
- Add a Splunk account. This account must have permission to read the data that you need to export.
- Interval: set the interval in seconds; the module runs periodically at the given interval.
- Index: set the index in which you would like to store Chainkit results.
- Username/Password: this username and password must be generated by Chainkit.
- Storage: there are three types of storage, depending on your Chainkit plan: pencil, public, private.
- API: select either the Register or the Verify API.
- Query:
  - For Register, the query exports the logs that you would like to register.
  - For Verify, the query is simply `search index=<the index you used for the Register API>`.
- Earliest_time/Latest_time: a time bucket; only logs in the given time range are retrieved.
- Global Account: select the account that you set above.
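The Register and Verify settings above describe a two-step round-trip: first export a time bucket of events and register a fingerprint of them, later re-export the same bucket and verify that the fingerprint still matches. The script below is an added illustration of that round-trip and is not Chainkit's code or API: it replaces the Chainkit service with a local SHA-256 fingerprint so it runs offline, and the event format, fingerprint scheme, and helper names (`event_fingerprint`, `register`, `verify`) are assumptions made for the example. The sample events are constructed, not real exports.

```python
"""Local illustration of a Register/Verify round-trip over exported events.

Added example, not Chainkit's code: the fingerprint scheme here stands in
for whatever the Chainkit Register/Verify APIs do server-side, so that the
tamper-detection idea can be run and inspected offline.
"""
import hashlib
import json

# Constructed sample: what a Register query such as
# `search index=web earliest=-1h` might export, one dict per event.
REGISTERED_EXPORT = [
    {"_time": "2024-01-01T10:00:01Z", "host": "web01", "_raw": "GET /login 200"},
    {"_time": "2024-01-01T10:00:05Z", "host": "web01", "_raw": "POST /login 401 user=admin"},
    {"_time": "2024-01-01T10:00:09Z", "host": "web02", "_raw": "GET /admin 403"},
]

# Constructed sample of a later Verify export of the same time bucket after
# tampering: the failed login was rewritten as a success and the 403 deleted.
TAMPERED_EXPORT = [
    {"_time": "2024-01-01T10:00:01Z", "host": "web01", "_raw": "GET /login 200"},
    {"_time": "2024-01-01T10:00:05Z", "host": "web01", "_raw": "POST /login 200 user=admin"},
]


def event_fingerprint(event):
    """Hash one event over a canonical serialisation, so that field order
    (which Splunk does not guarantee) cannot change the fingerprint."""
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def register(events):
    """Register step (assumed scheme): fingerprint each exported event and
    seal the set with a digest over the sorted per-event hashes. The returned
    record is what would be kept for later verification."""
    hashes = sorted(event_fingerprint(e) for e in events)
    digest = hashlib.sha256("".join(hashes).encode("utf-8")).hexdigest()
    return {"count": len(hashes), "event_hashes": hashes, "digest": digest}


def verify(record, events):
    """Verify step (assumed scheme): re-fingerprint a fresh export of the same
    Earliest_time/Latest_time bucket and compare it with the registered record.
    Reports which fingerprints vanished (events altered or deleted) and which
    appeared (events altered or injected); an altered event shows up in both."""
    current = register(events)
    registered = set(record["event_hashes"])
    now = set(current["event_hashes"])
    return {
        "intact": current["digest"] == record["digest"],
        "missing": sorted(registered - now),
        "unexpected": sorted(now - registered),
    }


if __name__ == "__main__":
    record = register(REGISTERED_EXPORT)
    print("untouched export:", verify(record, REGISTERED_EXPORT))
    print("tampered export: ", verify(record, TAMPERED_EXPORT))
```

Two points this makes concrete for the configuration: Verify is only meaningful when its Earliest_time/Latest_time bucket is exactly the one that was registered, because any events that fall outside the original range show up as "unexpected" and any that were registered but are now excluded show up as "missing"; and the Splunk account used for export needs read access to every index the Register query touches, otherwise the registered set silently covers fewer events than you think.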
This project was initiated by PencilDATA Inc.