splunk/splunk-connect-for-syslog splunk/splunk-connect-for-syslog

  • Stars
    star
    152
  • Rank 244,685 (Top 5 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created over 5 years ago
  • Updated 2 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
splunk/splunk-connect-for-syslog
github

splunk

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Splunk Connect for Syslog

README

FOSSA Status

Splunk Connect for Syslog is an open source packaged solution for getting data into Splunk using syslog-ng (OSE) and the Splunk HTTP event Collector.

Purpose

Splunk Connect for Syslog (SC4S) is a community project focused on reducing the pain of getting syslog data sources into Splunk. The primary pain points SC4S addresses include the following…

  • Shortage of deep syslog expertise in the community
  • Inconsistency between syslog server deployments creates a support challenge
  • Data sources tagged with catch-all sourcetype “syslog” which limits Splunk analytics
  • Uneven data distribution between Splunk indexers impacts search performance
  • Splunk Connect for Syslog should be used by any Splunk customer needing to onboard data sources via syslog to Splunk.

Usage

For full usage instructions, please visit the Splunk Connect for Syslog documentation.

Getting Support

Thank you for considering SC4S for your Splunk needs.

  1. Splunk Support: If you are an existing Splunk customer with access to the Support Portal, create a support ticket for the quickest resolution to any issues you may be experiencing. Here are some examples of when it may be appropriate to create a support ticket: If you experience an issue with the current version of SC4S, such as a feature gap or a documented feature that is not working as expected. If you have difficulty with the configuration of SC4S, either at the back end or with the out-of-box parsers or index configurations. If you experience performance issues and need help understanding the bottlenecks. If you have any questions or issues with the SC4S documentation.
  2. Community Support: Community members are often a great source of support and knowledge. We also invite you to help others. Here are some ways in which community support can be involved. Post a question to Splunk Answers using the tag "Splunk Connect For Syslog" Join the #splunk-connect-for-syslog room in the splunk-usergroups Slack Workspace. If you don't yet have an account, you can sign up. Please use the GitHub issue tracker to submit bugs or request enhancements: https://github.com/splunk/splunk-connect-for-syslog/issues

Please note that the Splunk team is involved as much as possible in the community, on a best effort basis. If you require priority handling, please use Splunk Support.

Contributing

We welcome feedback and contributions from the community! Please see our contribution guidelines for more information on how to get involved. PR contributions require acceptance of both the code of conduct and the contributor license agreement.

This repository uses pre-commit. After installing dependencies, please do

pre-commit install

License

  • Configuration and documentation licensed subject to CC0

  • Code and scripts licensed subject to BSD-2-Clause

  • Third Party Red Hat Universal Base Image see License

  • Third Party Syslog-NG (OSE) License

FOSSA Status

More Repositories

1

attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Jinja
2,118
star
2

security_content

Splunk Security Content
Python
1,235
star
3

splunk-sdk-python

Splunk Software Development Kit for Python
Python
649
star
4

attack_data

A repository of curated datasets from various attacks
Python
560
star
5

docker-splunk

Splunk Docker GitHub Repository
Python
410
star
6

splunk-ansible

Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments
Python
355
star
7

eventgen

Splunk Event Generator: Eventgen
Python
354
star
8

botsv2

Splunk Boss of the SOC version 2 dataset.
348
star
9

splunk-connect-for-kubernetes

Helm charts associated with kubernetes plug-ins
Python
344
star
10

docker-splunk-legacy

Docker Splunk *** LEGACY IMAGES - PLEASE SEE https://github.com/splunk/docker-splunk INSTEAD ***
Shell
304
star
11

botsv1

302
star
12

pion

Pion Network Library (Boost licensed open source)
C++
299
star
13

splunk-operator

Splunk Operator for Kubernetes
Go
205
star
14

splunk-sdk-javascript

Splunk Software Development Kit for JavaScript
JavaScript
185
star
15

botsv3

Splunk Boss of the SOC version 3 dataset.
163
star
16

melting-cobalt

A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
Python
163
star
17

qbec

configure kubernetes objects on multiple clusters using jsonnet
Go
157
star
18

splunk-sdk-java

Splunk Software Development Kit for Java
Java
138
star
19

splunk-library-javalogging

Splunk logging appenders for popular Java Logging frameworks
Java
131
star
20

ansible-role-for-splunk

Splunk@Splunk's Ansible role for installing Splunk, upgrading Splunk, and installing apps/addons on Splunk deployments (VM/bare metal)
Jinja
131
star
21

attack_range_local

Build a attack range in your local machine
Jinja
129
star
22

splunk-platform-automator

Ansible framework providing a fast and simple way to spin up complex Splunk environments.
Python
117
star
23

SA-ctf_scoreboard

Python
116
star
24

splunk-aws-cloudformation

AWS CloudFormation templates for Splunk distributed cluster deployment
Shell
108
star
25

terraform-provider-splunk

Terraform Provider for Splunk
Go
103
star
26

securitydatasets

Home for Splunk security datasets.
97
star
27

splunk-aws-project-trumpet

Python
95
star
28

splunk-app-examples

App examples for Splunk Enterprise
JavaScript
93
star
29

splunk-demo-collector-for-analyticsjs

Example Node.js based backend collector for client-side data
JavaScript
93
star
30

vscode-extension-splunk

Visual Studio Code Extension for Splunk
Python
86
star
31

observability-workshop

To get started, please proceed to The Splunk Observability Cloud Workshop Homepage.
HTML
86
star
32

mltk-algo-contrib

Python
85
star
33

fluent-plugin-splunk-hec

This is the Fluentd output plugin for sending events to Splunk via HEC.
Ruby
83
star
34

network-explorer

C++
82
star
35

kafka-connect-splunk

Kafka connector for Splunk
Java
82
star
36

splunk-javascript-logging

Splunk HTTP Event Collector logging interface for JavaScript
JavaScript
81
star
37

splunk-reskit-powershell

Splunk Resource Kit for Powershell
PowerShell
80
star
38

corona_virus

This project includes an app that allows users to visualize and analyze information about COVID-19 using data made publicly-available by Johns Hopkins University. For more information on legal disclaimers, please see the README.
Python
79
star
39

contentctl

Splunk Content Control Tool
Python
77
star
40

salo

Synthetic Adversarial Log Objects: A Framework for synthentic log generation
Python
75
star
41

ShellSweep

ShellSweeping the evil.
PowerShell
73
star
42

docker-itmonitoring

Get Started with Streaming your Docker Logs and Stats in Splunk!
HTML
68
star
43

splunk-sdk-csharp-pcl

Splunk's next generation C# SDK
C#
65
star
44

docker-logging-plugin

Splunk Connect for Docker is a Docker logging plugin that allows docker containers to send their logs directly to Splunk Enterprise or a Splunk Cloud deployment.
Go
64
star
45

attack-detections-collector

Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique
Python
59
star
46

splunk-aws-serverless-apps

Splunk AWS Serverless applications and Lambda blueprints
JavaScript
55
star
47

splunk-webframework

Splunk Web Framework
Python
51
star
48

splunk-app-splunkgit

GitHub App
Python
49
star
49

vault-plugin-secrets-gitlab

Vault Plugin for Gitlab Project Access Token
Go
48
star
50

pytest-splunk-addon

A Dynamic test tool for Splunk Technology Add-ons
Python
47
star
51

splunk-mltk-container-docker

Splunk App for Data Science and Deep Learning - container images repository
Jupyter Notebook
47
star
52

rba

RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.
44
star
53

splunk-cloud-sdk-go

The Splunk Cloud SDK for Go, contains libraries for building apps for the Splunk Cloud Services Platform.
Go
43
star
54

splunk-app-testing

sample app along with a CICD pipeline for testing multiple versions of splunk
Shell
42
star
55

rwi_executive_dashboard

Splunk Remote Work Insights - Executive Dashboard
HTML
38
star
56

splunk-sdk-ruby

Splunk Software Development Kit for Ruby
Ruby
36
star
57

splunk-shuttl

Splunk app for archive management, including HDFS support.
Java
35
star
58

attack_range_cloud

Attack Range to test detection against nativel serverless cloud services and environments
Python
35
star
59

addonfactory-ucc-generator

A framework to generate UI-based Splunk Add-ons.
Python
34
star
60

splunk-for-securityHub

Python
34
star
61

azure-functions-splunk

Azure Functions for getting data in to Splunk
JavaScript
30
star
62

dashboard-conf19-examples

Splunk new dashboard framework examples .conf 2019
JavaScript
30
star
63

github_app_for_splunk

A collection of dashboards and knowledge objects for Github data
JavaScript
29
star
64

splunk-connect-for-snmp

Python
28
star
65

twinclams

because twin clams are better than one clam?
Python
27
star
66

jupyterhub-istio-proxy

JupyterHub proxy implementation for kubernetes clusters running istio service mesh
Go
27
star
67

observability-content-contrib

Contribution repository for Splunk Observability Content (e.g. Dashboards, Detectors, Examples, etc)
HCL
26
star
68

lightproto

Protobuf compatible code generator
Java
26
star
69

splunk-app-twitter

Twitter application for Splunk
Python
25
star
70

splunk-library-dotnetlogging

Support for logging from .NET Tracing and ETW / Semantic Logging ApplicationBlock to Splunk.
C#
25
star
71

splunkrepl

An awesome little REPL for issuing SPLUNK queries
JavaScript
24
star
72

fluent-plugin-kubernetes-objects

This is the Fluentd input plugin which queries Kubernetes API to collect Kubernetes objects (like Nodes, Namespaces, Pods, etc.)
Ruby
23
star
73

splunk-ref-pas-code

Splunk Reference App - Pluggable Auditing System (PAS) - Code Repo
Python
22
star
74

vault-plugin-splunk

Vault plugin to securely manage Splunk admin accounts and password rotation
Go
22
star
75

splunk-sdk-php

Splunk Software Development Kit for PHP
PHP
22
star
76

splunk-heatwave-viz

A heatmap vizualization of bucketed ranged data over time.
JavaScript
21
star
77

pipelines

Concurrent processing pipelines in Go.
Go
21
star
78

splunk-gcp-functions

Python
20
star
79

PEAK

Security Content for the PEAK Threat Hunting Framework
Jupyter Notebook
20
star
80

splunk-tableau-wdc

Splunk Tableau Web Data Connector (WDC) Example
JavaScript
20
star
81

splunkforjenkins

Java
19
star
82

splunk-3D-graph-network-topology-viz

Plot relationships between objects with force directed graph based on ThreeJS/WebGL.
JavaScript
19
star
83

minecraft-app

Splunking Minecraft with the App Framework
JavaScript
19
star
84

splunk-add-on-jira-alerts

Splunk custom alert action for Atlassian JIRA
Python
19
star
85

terraform-provider-scp

Splunk Terraform Provider to manage config resources for Splunk Cloud Platform
Go
18
star
86

splunk-bunyan-logger

A Bunyan stream for Splunk's HTTP Event Collector
JavaScript
18
star
87

slack-alerts

Splunk custom alert action for sending messages to Slack channels
Python
18
star
88

public-o11y-docs

Splunk Observability Cloud docs
HTML
18
star
89

dashpub

Generate next.js apps to publish Splunk dashboards
JavaScript
18
star
90

vale-splunk-style-guide

Splunk Style Guide for the Vale linter
18
star
91

SA-ctf_scoreboard_admin

Python
18
star
92

acs-privateapps-demo

Demo of private-apps ci/cd integration into splunkcloud using the admin config service
Go
17
star
93

splunk-cloud-sdk-python

The Splunk Cloud SDK for Python, contains libraries for building apps for the Splunk Cloud Services Platform.
Python
17
star
94

fabric-logger

Logs blocks, transactions and events from Hyperledger Fabric to Splunk.
TypeScript
17
star
95

deep-learning-toolkit

Deep Learning Toolkit for Splunk
Python
15
star
96

k8s-yaml-patch

jsonnet library to patch objects loaded from yaml
Go
15
star
97

acs-cli

Admin Config Service CLI
15
star
98

TA-osquery

A Splunk technology add-on for osquery
14
star
99

ml-toolkit-docs

ML Toolkit & Showcase application documents
14
star
100

splunk-sdk-csharp

Splunk Software Development Kit for CSharp
C#
14
star