{"offset": 0, "limit": 25, "total": 1801, "results": [{"created_time": "2026-05-06T15:44:07+00:00", "published_time": "2026-05-06T15:44:07+00:00", "updated_time": "2026-05-06T15:45:55+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8716, "appid": "spl_quiz", "title": "spl_quiz", "type": "app", "license_name": "Splunk End User License for Third Party Content", "license_url": "https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "New to Splunk and unsure how to learn SPL? This app was built to help. Use it to practice real SPL on a live Splunk instance with hands-on exercises. Work through built-in challenges or create your own. Learn SPL in a practical, engaging way.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8716/", "download_count": 4, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-05-04T12:14:43+00:00", "published_time": "2026-05-04T12:14:43+00:00", "updated_time": "2026-05-04T13:07:38+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8711, "appid": "vh_enrichment_app", "title": "VisionHeight", "type": "app", "license_name": "Splunk End User License for Third Party Content", "license_url": "https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "VH Enrichment App enriches Splunk events with external IP intelligence data.\n\nThe app continuously ingests enrichment data into a KV Store and enables dashboards and searches to automatically correlate events with enriched IP context.\n\nIt is designed for security teams who need fast visibility into potentially malicious IP activity directly within Splunk.", "access": "restricted", "path": "https://splunkbase.splunk.com/app/8711/", "download_count": 
0, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-05-01T22:54:40+00:00", "published_time": "2026-05-01T22:54:40+00:00", "updated_time": "2026-05-07T19:28:56+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "rejected", "install_method_distributed": "rejected", "uid": 8704, "appid": "splunk-connect-for-otlp", "title": "Splunk Connect for OTLP", "type": "addon", "license_name": "Apache License Version 2.0", "license_url": "https://www.apache.org/licenses/LICENSE-2.0.html", "description": "Splunk Connect for OTLP is a technical addon that exposes an OTLP endpoint for consumption of logs, traces and metrics. OTLP stands for OpenTelemetry Protocol, a standard communication protocol to transmit signals using Protobuf over gRPC or HTTP.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8704/", "download_count": 6, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-05-01T18:30:11+00:00", "published_time": "2026-05-01T18:30:11+00:00", "updated_time": "2026-05-01T18:45:18+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8703, "appid": "GitHub_Dashboard_Collection", "title": "GitHub Dashboard Collection", "type": "app", "license_name": "Apache License Version 2.0", "license_url": "https://www.apache.org/licenses/LICENSE-2.0.html", "description": "The Github App for Splunk is a collection of out of the box dashboards and Splunk knowledge objects designed to give Github Admins and platform owners immediate visibility into Github.\n\nThis App is designed to work across multiple Github data sources; however, not all are required. 
You may choose to only collect a certain set of data and the parts of this app that utilize that set will function, while those that use other data sources will not function correctly, so please only use the Dashboards that relate to the data you are collecting.\n\nFormerly known as the Github App for Splunk, the Github Dashboard Collection is designed to work with the following data sources:\n\n* Github Audit Log Monitoring Add-On For Splunk: Audit logs from Github Enterprise Cloud.\n* Github.com Webhooks: A select set of webhook events like Push, PullRequest, and Repo.\n* Github Enterprise Server Syslog Forwarder: Audit and Application logs from Github Enterprise Server.\n* Github Enterprise Collectd monitoring: Performance and Infrastructure metrics from Github Enterprise Server.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8703/", "download_count": 0, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-05-04T14:14:28+00:00", "published_time": "2026-05-04T14:14:28+00:00", "updated_time": "2026-05-04T14:24:31+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8697, "appid": "MachineDataLab", "title": "Machine Data Lab", "type": "app", "license_name": "MIT License", "license_url": "https://opensource.org/licenses/MIT", "description": "Machine Data Lab is a community-driven app built by Border Innovation, where Splunk users from around the world register and leave their mark.\n\nSign up in seconds and watch as a global map comes alive with registrations from fellow users across every corner of the planet.\n\nSee who's joining, when, and from where \u2014 as the Splunk community grows, one registration at a time.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8697/", "download_count": 1, "install_count": 0, "archive_status": "live", "is_archived": 
false}, {"created_time": "2026-04-29T23:13:34+00:00", "published_time": "2026-04-29T23:13:34+00:00", "updated_time": "2026-04-29T23:32:37+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8696, "appid": "Splunk_TA_CCX_Snowflake_CIM_Support", "title": "CCX Add-on for Snowflake", "type": "addon", "license_name": "Third Party Developer EULA", "license_url": "https://cybercx.com.au", "description": "CyberCX is Australia\u2019s greatest force of cyber security experts. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8696/", "download_count": 2, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-29T22:36:03+00:00", "published_time": "2026-04-29T22:36:03+00:00", "updated_time": "2026-04-30T09:20:24+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8695, "appid": "TA-whisper-graph", "title": "Whisper Security Graph App for Splunk", "type": "app", "license_name": "Splunk End User License for Third Party Content", "license_url": "https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "The Whisper Security Add-on for Splunk connects Splunk to the Whisper Security Knowledge Graph, a repository of over 7.3 billion infrastructure nodes and 38 billion edges. The add-on enables enrichment of security events with DNS, BGP, WHOIS, GeoIP, SPF, and threat intelligence context. 
It provides custom search commands for executing Cypher graph queries, modular inputs for attack surface monitoring and threat intelligence collection, and dashboards for compliance posture tracking and infrastructure change detection. The add-on maps events to the CIM Network Resolution and Threat Intelligence data models. Supported data sources include whisper_threat_intel, whisper_baseline, and whisper_watchlist. Source types include whisper:attack_surface, whisper:threat_intel, whisper:watchlist, whisper:change, whisper:enrichment, ta_whisper_graph, and whisper:spf_compliance. The add-on serves organizations requiring infrastructure context enrichment for security analytics, compliance monitoring, and threat intelligence workflows.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8695/", "download_count": 6, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-29T13:02:42+00:00", "published_time": "2026-04-29T13:02:42+00:00", "updated_time": "2026-04-29T13:31:54+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8693, "appid": "fleak_ocsf_mapper", "title": "Fleak OCSF Mapper", "type": "app", "license_name": "Apache License Version 2.0", "license_url": "https://www.apache.org/licenses/LICENSE-2.0.html", "description": "Fleak OCSF Mapper turns custom and long-tail log sources into clean, OCSF-normalized events inside Splunk \u2014 without hand-writing regex, transforms, or field aliases.\n\nPaste a few sample events into the Mapping Studio. Fleak's AI service inspects the structure, generates a parser and an OCSF mapping expression, and lets you preview the result before\ndeploying. 
Once a rule is saved, the included | fleakmapping search command streams events through the Zephflow engine and returns standardized OCSF fields, ready for downstream\ndashboards, SIEM rules, and security analytics.\n\nUse cases:\n- Onboard new vendor or proprietary log formats in minutes instead of weeks\n- Normalize firewall, endpoint, identity, and application logs to a shared OCSF schema\n- Reduce the regex and transforms toil that slows Splunk ingestion projects", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8693/", "download_count": 8, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-28T18:42:50+00:00", "published_time": "2026-04-28T18:42:50+00:00", "updated_time": "2026-04-28T18:46:32+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8692, "appid": "Splunk_TA_ExposureAnalytics_linux", "title": "Splunk Exposure Analytics Add-on for Linux", "type": "addon", "license_name": "Splunk General Terms", "license_url": "https://www.splunk.com/en_us/legal/splunk-general-terms.html", "description": "The Splunk Add-on for Exposure Analytics collects enriched asset and user data from Splunk forwarder endpoints to enhance entity discovery. 
It gathers system, user, network, and full disk encryption information.\n\nThis optional add-on can be used as an additional entity discovery source in Exposure Analytics, complementing other discovery sources with endpoint-derived enrichment data.\n\nYou can deploy the Splunk Add-on for Exposure Analytics to your Splunk forwarders and then add the related entity discovery sources in Exposure Analytics to incorporate the data into entity discovery processing.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8692/", "download_count": 30, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-28T18:37:42+00:00", "published_time": "2026-04-28T18:37:42+00:00", "updated_time": "2026-04-28T18:41:10+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8691, "appid": "Splunk_TA_ExposureAnalytics_win", "title": "Splunk Exposure Analytics Add-on for Windows", "type": "addon", "license_name": "Splunk General Terms", "license_url": "https://www.splunk.com/en_us/legal/splunk-general-terms.html", "description": "The Splunk Add-on for Exposure Analytics collects enriched asset and user data from Splunk forwarder endpoints to enhance entity discovery. 
It gathers system, user, network, and full disk encryption information.\n\nThis optional add-on can be used as an additional entity discovery source in Exposure Analytics, complementing other discovery sources with endpoint-derived enrichment data.\n\nYou can deploy the Splunk Add-on for Exposure Analytics to your Splunk forwarders and then add the related entity discovery sources in Exposure Analytics to incorporate the data into entity discovery processing.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8691/", "download_count": 32, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-28T18:32:08+00:00", "published_time": "2026-04-28T18:32:08+00:00", "updated_time": "2026-04-28T18:35:27+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8690, "appid": "Splunk_TA_ExposureAnalytics_mac", "title": "Splunk Exposure Analytics Add-on for macOS", "type": "addon", "license_name": "Splunk General Terms", "license_url": "https://www.splunk.com/en_us/legal/splunk-general-terms.html", "description": "The Splunk Add-on for Exposure Analytics collects enriched asset and user data from Splunk forwarder endpoints to enhance entity discovery. 
It gathers system, user, network, and full disk encryption information.\n\nThis optional add-on can be used as an additional entity discovery source in Exposure Analytics, complementing other discovery sources with endpoint-derived enrichment data.\n\nYou can deploy the Splunk Add-on for Exposure Analytics to your Splunk forwarders and then add the related entity discovery sources in Exposure Analytics to incorporate the data into entity discovery processing.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8690/", "download_count": 9, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-27T11:27:03+00:00", "published_time": "2026-04-27T11:27:03+00:00", "updated_time": "2026-04-27T11:33:28+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8685, "appid": "gk_pos_performance", "title": "GK POS Performance", "type": "app", "license_name": "MIT License", "license_url": "https://opensource.org/licenses/MIT", "description": "A Splunk App + Technical Add-on that ingests performance.log telemetry from GK POS terminals, normalizes the data to Splunk's Common Information Model (CIM), and provides operational dashboards and alerts.", "access": "restricted", "path": "https://splunkbase.splunk.com/app/8685/", "download_count": 1, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-24T21:31:54+00:00", "published_time": "2026-04-24T21:31:54+00:00", "updated_time": "2026-04-24T21:40:50+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8681, "appid": "TA-elastic-search", "title": "Elastic Search Add-on for Splunk", "type": "addon", "license_name": "Splunk End User License for Third Party Content", "license_url": 
"https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "The Elastic Search Add-on for Splunk collects indexed data from an Elasticsearch instance and ingests it into Splunk as JSON events. It uses the official Elasticsearch Python SDK and manages per-input checkpoints to ensure only new data is fetched on each run.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8681/", "download_count": 6, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-23T21:10:00+00:00", "published_time": "2026-04-23T21:10:00+00:00", "updated_time": "2026-04-23T21:21:13+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8676, "appid": "Nasuni_Connector_for_Splunk", "title": "Nasuni Connector for Splunk", "type": "app", "license_name": "Splunk End User License for Third Party Content", "license_url": "https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "The Nasuni Connector for Splunk enables security and operations teams to monitor, investigate, and respond to storage-related events across their Nasuni environment. 
By ingesting and parsing syslog data from Nasuni Edge Appliances and the Nasuni Management Console (NMC), the app normalizes and enriches events for efficient search, correlation, and integration with Splunk SOAR workflows.\n\nWith visibility into file activity, system operations, and security alerts, including ransomware protection and antivirus alerts, teams can accelerate incident response, strengthen audit capabilities, and improve overall data security posture.\n\nIngested Event Types Include:\n-System & operational events \u2013 General syslog activity from Edge Appliances and NMC\n-Ransomware protection alerts \u2013 Detection and mitigation events from Advanced Ransomware Protection\n-File system audit events \u2013 File access, modification, and deletion tracking\n-Snapshot activity \u2013 Success and failure of snapshot operations\n-Antivirus alerts \u2013 Threat detections from integrated antivirus scanning", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8676/", "download_count": 3, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-23T21:02:19+00:00", "published_time": "2026-04-23T21:02:19+00:00", "updated_time": "2026-04-24T11:59:52+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8675, "appid": "cluster_custom_command", "title": "Hierarchical Clustering Custom Command", "type": "addon", "license_name": "Splunk End User License for Third Party Content", "license_url": "https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "Use the text_cluster command to perform clustering of similar text\nGroups similar text by similarity score using Hierarchical Clustering\nFor accurate results, remove special characters from values and use the field in the custom command", "access": "unrestricted", "path": 
"https://splunkbase.splunk.com/app/8675/", "download_count": 4, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-05-06T15:08:34+00:00", "published_time": "2026-05-06T15:08:34+00:00", "updated_time": "2026-05-06T15:16:46+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8672, "appid": "eventlab", "title": "EventLab", "type": "app", "license_name": "Splunk End User License for Third Party Content", "license_url": "https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "EventLab is an AI-powered synthetic data generator built as a native Splunk application. It enables SOC analysts, detection engineers, and Splunk administrators to produce realistic synthetic security events on demand \u2014 for testing detections, populating training environments, validating SPL queries, and running live demonstrations \u2014 without exposing real production data.\n\nThe built-in AI assistant accepts plain-English commands: generate a fixed batch, start a continuous real-time stream, simulate a MITRE ATT&CK technique, or schedule recurring jobs. Every generated batch is statistically validated against real production data, giving teams a measurable quality score that proves synthetic events match production patterns.\n\nEventLab ships with prebuilt models for common log sources \u2014 Palo Alto firewall, Windows Security, DNS, web access, and Linux syslog \u2014 and can build new models directly from your Splunk indexes. 
The AI profiles real events, extracts field types and token patterns, and produces a generation-ready model in minutes.\n\nKey capabilities:\n- 22 AI-driven tools for generation, streaming, scenario simulation, quality assessment, and model authoring.\n- 54 preconfigured MITRE ATT&CK techniques spanning all 14 tactics.\n- Statistical quality scoring: Kolmogorov\u2013Smirnov, chi-squared, and temporal cosine similarity tests.\n- Real-time streaming with configurable EPS and rate patterns (flat, spike, ramp, burst).\n- Scheduled generation via cron expressions for continuous data feeds.\n- Multi-LLM provider support: Anthropic Claude, Azure OpenAI, AWS Bedrock, OpenAI-compatible endpoints, and Ollama for fully air-gapped deployments.\n- Multi-tenancy with four RBAC roles, owner-scoped data isolation, and six granular capabilities.\n- Full audit trail logged to KV Store and Splunk indexes.\n\nWho it is for:\n- SOC teams running detection engineering, content development, and analyst training.\n- Splunk administrators needing realistic data for performance testing and demos.\n- Security architects validating SIEM pipelines without exposing customer data.\n- Educators and trainers building hands-on Splunk labs.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8672/", "download_count": 13, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-22T16:02:57+00:00", "published_time": "2026-04-22T16:02:57+00:00", "updated_time": "2026-04-22T16:12:30+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8670, "appid": "rr_zt_gapanalysis", "title": "Red River Zero Trust Gap Analysis App", "type": "app", "license_name": "Splunk End User License for Third Party Content", "license_url": "https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "Red River Zero Trust Gap Analysis 
helps organizations understand how their current security capabilities align to the Department of Defense (DoD) Zero Trust framework by visualizing gaps, partial coverage, and maturity across all Zero Trust pillars.\nThe app translates Zero Trust workshop discussions and assessment inputs into a data-driven view within Splunk, enabling security leaders and architects to see where controls exist, where coverage is incomplete, and where additional tooling or integration may be required. Rather than introducing new collection mechanisms, the app leverages existing Splunk data and curated lookup mappings to correlate vendors, products, and activities to DoD Zero Trust capabilities.\nThis application is designed as a companion to the Red River Zero Trust Accelerator and supports organizations participating in that engagement by extending assessment results into repeatable, point-in-time dashboards. The app provides an executive summary for leadership as well as deeper views by Zero Trust pillar and capability, helping teams validate assumptions, reduce blind spots, and prioritize roadmap decisions using their existing Splunk investment.", "access": "restricted", "path": "https://splunkbase.splunk.com/app/8670/", "download_count": 1, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-21T20:49:40+00:00", "published_time": "2026-04-21T20:49:40+00:00", "updated_time": "2026-04-21T20:54:01+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8667, "appid": "TA-triage-v1", "title": "Triage", "type": "addon", "license_name": "MIT License", "license_url": "https://opensource.org/licenses/MIT", "description": "A Splunk custom search command named `triage` for alert triage workflows.\n\nFeatures\n--------\n- Supports `model=claude` (Anthropic API)\n- Supports `model=ollama` (local Ollama HTTP API)\n- Heuristic 
fallback when no external model is reachable\n- File-based cache with TTL\n- Context field selection for prompts\n- IOC extraction and ATT&CK / kill-chain enrichment", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8667/", "download_count": 1, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-20T13:37:17+00:00", "published_time": "2026-04-20T13:37:17+00:00", "updated_time": "2026-04-22T13:18:27+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8661, "appid": "vdconnect", "title": "VDConnect", "type": "app", "license_name": "Splunk End User License for Third Party Content", "license_url": "https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "6 supported databases with their protocols/ports/auth methods, the 3-layer architecture (modular input \u2192 KV Store \u2192 dashboards), complete file listing with descriptions, all 8 dashboards explained, 3 collection modes, 4 indexes, and 8 SPL macros.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8661/", "download_count": 5, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-22T23:57:26+00:00", "published_time": "2026-04-22T23:57:26+00:00", "updated_time": "2026-04-28T15:42:41+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8659, "appid": "splunk-innovators-toolkit", "title": "Innovators ToolKit", "type": "app", "license_name": "Apache License Version 2.0", "license_url": "https://www.apache.org/licenses/LICENSE-2.0.html", "description": "Your Splunk dashboards work great, the SPL is solid, the data is right.. But they look like every other default Splunk dashboard. 
You know there's a gap between what your dashboards do and how they look, but closing that gap means learning CSS, JavaScript, and Splunk's static asset pipeline. Most Splunk users don't have time for that.\n\nInnovators Toolkit solves this. It's a free, community-built toolkit from the Splunk Innovators Network that lets you add professional polish to your Classic Simple XML dashboards without writing a single line of CSS or JavaScript. Open Design Studio, import your existing dashboard (your SPL queries stay intact), pick a theme, add effects, and export. What used to take a front-end developer hours now takes 5 minutes.\n\nThe toolkit includes 12 premium themes, 14 animated backgrounds, 11 interactive controls (dark mode toggle, fullscreen, collapsible panels, auto-refresh countdown), 9 HTML widgets (live clocks, gauges, countdowns, QR codes), and 29 animations. Every component is drop-in, add it via the visual Design Studio or paste a single stylesheet= or script= attribute into your XML.\n\n9 production-ready demo dashboards are included, all running against index=_internal so they work immediately after install. Use them as-is for NOC screens, executive reports, or security operations \u2014 or click \"Remix\" to pull any demo into Design Studio and make it your own.\n\nCompatible with Splunk Enterprise 9.0+ and Splunk Cloud. Cloud users can use the built-in Cloud Mode to design dashboards and download portable XML. Requires Classic Simple XML dashboards (version=\"1.1\"). 
Not compatible with Dashboard Studio.\n\nJoin our Splunk Innovators Network on LinkedIn for Latest Product Launches\nhttps://www.linkedin.com/groups/16364058/", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8659/", "download_count": 62, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-17T08:20:34+00:00", "published_time": "2026-04-17T08:20:34+00:00", "updated_time": "2026-04-17T08:58:29+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8658, "appid": "oilgas_splunk_app", "title": "ProdIQ Oil and Gas Intelligence", "type": "app", "license_name": "Splunk End User License for Third Party Content", "license_url": "https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "ProdIQ Oil and Gas Intelligence app for Splunk provides real-time monitoring, alerting, and analytics for upstream oil and gas operations. 
It addresses the challenge of unifying wellbore telemetry, electric submersible pump (ESP) equipment health, and production KPIs into a single operational view \u2014 enabling engineers to detect anomalies early, track performance trends and reduce unplanned downtime.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8658/", "download_count": 2, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-14T15:34:59+00:00", "published_time": "2026-04-14T15:34:59+00:00", "updated_time": "2026-04-14T15:52:13+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8654, "appid": "dash_lite", "title": "DASH Lite - Styled App Builder", "type": "app", "license_name": "Third Party Developer EULA", "license_url": "https://mb2analytics.com/en/eula", "description": "(Free preview of DASH) Design CSS themes for Splunk dashboards with live preview. Includes Cybersecurity use case with 2 dashboards. 
Upgrade at mb2analytics.com for 3 use cases, 15 dashboards, app export, and Gallery.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8654/", "download_count": 4, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-14T08:19:03+00:00", "published_time": "2026-04-14T08:19:03+00:00", "updated_time": "2026-04-14T08:23:55+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8652, "appid": "TA-ensign_waf_akamaisiem", "title": "Ensign Akamai Web Security Add-on", "type": "addon", "license_name": "Splunk End User License for Third Party Content", "license_url": "https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "Ensign Akamai Web Security Add-on for Splunk\n\nAn enterprise-grade alternative to the official Akamai SIEM app, rebuilt on the Splunk UCC framework v6.3.0.\n\nWHY THIS ADD-ON?\nThe official Akamai app (see https://splunkbase.splunk.com/app/4310) uses the legacy way of enabling the input (via Settings => Data Input), and some of its parsing is not key-value-pair based once the data is ingested in Splunk, rather than using spath to make it easier for analysts to choose fields; this add-on is meant to solve that. 
This add-on provides:\n- Full UI-driven configuration of inputs in the usual add-on way (configured directly under the add-on, like the other Splunk Supported Add-ons).\n- Multi-account management with encrypted credential storage via Splunk's native password vault\n- Multi-proxy support (HTTP, HTTPS, SOCKS4, SOCKS5) with per-input proxy assignment\n- Offset-based checkpointing for reliable data continuity across restarts.\n- Custom sourcetype override per input for seamless migration.\n- Deployment Server compatible.\n\nDATA SOURCE:\nCaptures security events from Akamai SIEM Integration API v1, supporting:\n- App & API Protector\n- Kona Site Defender\n- Web Application Protector\n- Client Reputation\n- Bot Manager\n- Account Protector\n\nEVENT PROCESSING:\n- URL-decodes all fields recursively\n- Parses HTTP headers into structured key-value pairs\n- Decodes base64-encoded attackData rule fields into structured objects\n- Drops summary/offset metadata events (nullQueue)\n\nRef: https://techdocs.akamai.com/siem-integration/docs\n\nBuilt by Ensign Infosecurity Indonesia.", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8652/", "download_count": 0, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-13T20:20:29+00:00", "published_time": "2026-04-13T20:20:29+00:00", "updated_time": "2026-04-13T20:24:30+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8651, "appid": "TA_triage", "title": "aitriage", "type": "app", "license_name": "MIT License", "license_url": "https://opensource.org/licenses/MIT", "description": "You send each Splunk event to the LLM and receive the following in return:\n\n\u2192 MITRE ATT&CK technique mapping (like T1059.001)\n\u2192 1-10 severity score + label\n\u2192 2-3 sentence AI analysis\n\u2192 Specific action recommendation to the 
SOC analyst\n\u2192 False positive probability + justification\n\u2192 Kill chain phase\n\u2192 Automatic IOC inference", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8651/", "download_count": 6, "install_count": 0, "archive_status": "live", "is_archived": false}, {"created_time": "2026-04-25T14:40:17+00:00", "published_time": "2026-04-25T14:40:17+00:00", "updated_time": "2026-04-25T14:52:13+00:00", "appinspect_passed": false, "fedramp_validation": "no", "fips_compatibility": false, "install_method_single": "simple", "install_method_distributed": "appmgmt_phase", "uid": 8645, "appid": "TA-ensign_elasticsearch_add-on--Modular_input", "title": "Ensign ElasticSearch Data Integrator", "type": "addon", "license_name": "Splunk End User License for Third Party Content", "license_url": "https://cdn.splunkbase.splunk.com/static/misc/eula.html", "description": "Ensign ElasticSearch Data Integrator is a Splunk modular input add-on for ingesting data from Elasticsearch 8.x clusters into Splunk via the Elasticsearch 8 REST API.\n\nBuilt on the Splunk UCC Framework, it provides a full GUI-driven configuration experience through Splunk Web \u2014 no manual file editing required.\n\nKey Features:\n\u2022 Multi-cluster Elasticsearch profile management via Splunk UI\n\u2022 DSL Query-focused data retrieval with configurable time-based fetching\n\u2022 ES Scroll API pagination for efficient large-volume data collection\n\u2022 Crash-resilient scroll recovery with a dedicated checkpoint directory\n\u2022 Document-level deduplication guard (rolling 50,000 IDs per stanza)\n\u2022 SSL/TLS certificate verification support\n\u2022 Custom term filters per data source\n\u2022 Global proxy support with Splunk-native credential encryption\n\u2022 Custom sourcetype override per input stanza\n\nIMPORTANT: This add-on is designed exclusively for Elasticsearch 8.x API. 
It is NOT compatible with Elasticsearch 7.x or earlier versions.\n\nCompatibility:\n\u2022 Elasticsearch: 8.x only\n\u2022 Splunk Enterprise: 8.2+ and 9.x (You can try for 10.x, let me know the updates)\n\u2022 Python: 3.x (bundled with Splunk)", "access": "unrestricted", "path": "https://splunkbase.splunk.com/app/8645/", "download_count": 4, "install_count": 0, "archive_status": "live", "is_archived": false}]}