icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Splunkbase will be undergoing a scheduled migration and will be unavailable on Saturday, Oct 1, 2022, from 11AM to 3PM PDT

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Keyword
SHA256 checksum (keyword_214.tgz) 052b4b7fa8ddcaba4b5845ed05f1ca1024f25e4c8c61684f1e4091642a2d3af8 SHA256 checksum (keyword_213.tgz) 5ba0c91462d178a0ac9db160180f602bfbe34d34a67271c0a05fd2454a2fc9ae SHA256 checksum (keyword_21.tgz) b1bfb3d3a4e6c2969485901b5e05706e2f195dfe0baa1937963bb5ec635e106f SHA256 checksum (keyword_202.tgz) e64267715e63320fbf696be5caa1b28dbc8644ba054c38b23f04730f4c7d3345 SHA256 checksum (keyword_201.tgz) 8bbb0b514b9e975933dc3e81b36a60d3f001e2ae2c875dbf0b76be0b4b2ff13e SHA256 checksum (keyword_18.tgz) e45dd5020038cc715d4dfa016b39eee14a1ecd0ad8ea7ce98f5c1626d47a24c8 SHA256 checksum (keyword_17.tgz) d307cee5957bb54cac01f72465c38c5155dea4b381f890859f78d8d4dc0ebf61 SHA256 checksum (keyword_16.tgz) a1660942cd9e103843289365e9bbf65992942e07fbbc85d6f5a512b449776caf SHA256 checksum (keyword_15.tgz) 133b4a796f1504139f35d00367da586a37109fabbaf12df11c62482723529ff7 SHA256 checksum (keyword_14.tgz) 0919070efe1a76999ebc1586acbd8ae398a6d6f98c4e161ebf3ff56579d27d3c SHA256 checksum (keyword_13.tgz) 92a6987e7e7b5b8143688390e38817186472a31f10bb8677afb93b55417b63c6 SHA256 checksum (keyword_122.tgz) 88a8a4e0b1bdf0599bcd419275626824802ccde8aa3e0a25fda8e1f99f452c3d SHA256 checksum (keyword_121.tgz) 8c3145339432555a780ee87ed6b7a2c6890846466817fc7911bca5905b2ff4ae SHA256 checksum (keyword_12.tgz) 21eada4130e117abd738d38efa8f0d8377577ac8c91ec1bb2aae20c31b298b50 SHA256 checksum (keyword_11.tgz) 0dc4a762e6694831ebfce18b40ba56336fd059ecba7f4915669db0a126f49574 SHA256 checksum (keyword_10.tgz) 59e461d6e8f99990e8c88c15c141c4e6951a94e70d0ab86a8340acd4f3d93605
To install your download
To install apps and add-ons from within Splunk Enterprise
  1. Log into Splunk Enterprise.
  2. On the Apps menu, click Manage Apps.
  3. Click Install app from file.
  4. In the Upload app window, click Choose File.
  5. Locate the .tar.gz file you just downloaded, and then click Open or Choose.
  6. Click Upload.
  7. Click Restart Splunk, and then confirm that you want to restart.
To install apps and add-ons directly into Splunk Enterprise
  1. Put the downloaded file in the $SPLUNK_HOME/etc/apps directory.
  2. Untar and ungzip your app or add-on, using a tool like tar -xvf (on *nix) or WinZip (on Windows).
  3. Restart Splunk.
After you install a Splunk app, you will find it on Splunk Home. If you have questions or need more information, see Manage app and add-on objects.

Flag As Inappropriate



Splunk Cloud
This app presents a form where a user can type a keyword such as error and find top/timecharts of the results by source, sourcetype, and host on a dashboard. The same search could be used for finding last week vs. this week comparisons, to see if there are any sources, sourcetypes, or hosts that go above standard deviation plus the average count of occurrences, and to see a donut chart dashboard distribution of different keywords by metadata. See the README for more details.
Look under the Dashboard Menu for the Rare, Rare Punctuation, Cluster to find Anomalies, Outlier, Slope, Predict, Timewrap, Abstract of Events, Easy Button to find errors, and Baseline Forms.

Release Notes

Version 2.1.4
June 3, 2021

Removed JS files for Jquery compliance. Added version="1.1" in all forms and dashboards for Splunk 8.2. Added approved Autobahn logo to indicate this can be used in Splunk Cloud.

Version 2.1.3
Jan. 23, 2020

lowercase x for static/appIcon_2x.png spelling to pass appInspect

Version 2.1
Oct. 9, 2018

Added Introduction Page and moved top dashboard to dashboards. If you have Module error issues with the Donut Chart, try restarting Splunk.

Version 2.0.2
July 25, 2017

Updated |REST call to |eventcount to get index names for each dashboard's index field. Thanks Jay Slay.

Version 2.0.1
July 17, 2017

fixed bug with duplicate indexes (dedup title. Thanks Jay Slay). Also, changed Easy Button to Easy Triage and updated description.

Version 1.8
March 14, 2016

Added Hutch's Icons; Added Abstract Dashboard. Took quotes away from keyword_field in search template so that you can search for anything before the | symbol.

Version 1.7
Jan. 9, 2015

Updated Top and Rare Punct Dashboards to use stats, count, and head 10

Version 1.6
Sept. 18, 2014

Added rare punct. Changed icon

Version 1.5
May 29, 2014

Keyword Rare Punctuation - finds rare events based on punctuation

Version 1.4
May 28, 2014

Added Rare Dashboard

Version 1.3
Feb. 6, 2014
Version 1.2.2
April 8, 2013

Changed Donut Chart Dashboard to now split by top 10 host, source, or sourcetype.

Version 1.2.1
April 3, 2013

Donut chart now splits by sourcetype only as the results are same if you used host or source, so I just picked sourcetype.

Version 1.2
April 3, 2013

Added Ron Naken's Donut Chart (new dashboard) and changed stdev to stdevp in Outliers Dashboard.

Version 1.1
March 22, 2013

Added Slope and Predict Dashboards.

Version 1.0
March 19, 2013

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.