Skip to content
/ splunksearch-miner Public

MineMeld miner to retrieve Splunk search results as indicators

License

Apache-2.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hkelley/splunksearch-miner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
splunksearchminer
splunksearchminer
 
 
AUTHORS
AUTHORS
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
minemeld.json
minemeld.json
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

splunksearch-miner

MineMeld miner for Splunk searches implemented as an extension

How it works

This miner periodically executes a Splunk saved search via REST and returns a columns as indicators.

Installation

Install this extension directly from the git repo using your MineMeld server's System | Extensions menu.

Configuration

I should re-work this so that the username and password go in the private (node-level) storage. Someday ....

  • If your saved search is not in the default search app then use a URL like this: "https://xxx.splunkcloud.com:8089/servicesNS/nobody/<APP_NAME>/search/jobs/"
  • User role permissions will suffice
  • In the prototype configuration, use double-quotes around the search name, password, or anywhere else that has YAML special characters.

About

MineMeld miner to retrieve Splunk search results as indicators

Resources

Readme

License

Apache-2.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages