Downloading Splunk Reference App - PAS

MD5 checksums:

  • splunk-reference-app-pas_152.tgz: 4458fa3f4096a032e30fbff8f50f7123

  • splunk-reference-app-pas_150.tgz: 21a1181d0514afeb9be4c95e70d5c28c

  • splunk-reference-app-pas_101.tgz: 3b44b62c3c308d315dfd655ba9aa225c

  • splunk-reference-app-pas_100.tgz: 2a9291d318757e15ba24e7de54bb92f1

Splunk Reference App - PAS

Splunk Built
The Splunk Reference App will help you to learn how to build, test and deploy apps and solutions on Splunk. It is intended to showcase the proven practices and the Splunk Developer Platform which enables you to take advantage of the same underlying technologies that power the core Splunk Enterprise product.

The Pluggable Auditing System (PAS) is intended to enable an organization to monitor various document repositories (current and future). Managers and auditors can use the app to see who has viewed, modified, deleted, or downloaded documents or other artifacts from various sources, detect suspicious behaviors and analyze trends.

Contains: examples, guidance, sample code.

The Splunk Reference App - PAS teaches you how to develop apps for Splunk. Here, you can explore the evolution of the reference app along with some additional engineering artifacts, like tests, deployment considerations, and tradeoff discussions.

The accompanying Splunk Developer Guide for Building Apps presents a documentary of how the team went about building this reference app. The guide is currently available as a public preview. We welcome your feedback on both the app and the guide.

What Does This App Do?

The PAS app is intended to enable an organization to monitor various document repositories (current and future). Managers and auditors can use the app to see who has viewed, modified, deleted, or downloaded documents or other artifacts from various sources.

Requirements

Here's what you need to get going with the Splunk Reference App - PAS.

Splunk Enterprise

If you haven't already installed Splunk Enterprise, download and install it first. For more information about installing and running Splunk Enterprise, and for system requirements, see the Installation Manual.

The main PAS app

Install or symlink the main app (pas_ref_app) to the $SPLUNK_HOME/etc/apps folder. For linking, use the ln command on Unix/MacOS or the mklink command on Windows.

Getting data in

There are several ways for you to feed data into the PAS app.

  • Ingest your own data. Just make sure those sources are tagged with "change" and "audit",

  • Use the eventgen app if you want a simulated data flow (note: it may take several minutes before the events start to be generated), or

  • Consume the test data set provided in the test repo.

Install dependencies

The reference app relies on data provider add-ons. Three simulated data providers (file add-on, documents application add-on, database add-on) and one real data provider (Google Drive Data Provider add-on) are made available. Install at least one data provider. You'll find the install scripts for Unix/MacOS and Windows in the /bin folder. For the Google Drive data provider installation and configuration, see specific instructions in the googledrive_addon/README folder.

The reference app uses a lookup table which could have been produced by an HR system process. For demonstration purposes, we have encapsulated it in the pas_hr_info add-on.

(Optional) Certain reference app functionality requires an identity provider. We have used a simulated identity provider.

Configure user access

Create a new user that belongs to the pasadmin or pasuser role, and log in as this new user.

Alternatively, add index 'pas' to the default searchable indexes by going to Splunk Settings -> Access controls -> Role -> admin -> Indexes searched by default and adding 'pas' into the list of default search indexes.

Note: if you are using a Splunk Free license, integrated role-based access control is not available. Thus, you will not be able to add new users or roles and should use the alternative method of adding the 'pas' index to the list of indexes searched by default.

Configure the app using the Setup page

Specify at least one department that you want to surface on the Summary dashboard.

Usage

For usage see the About page of the app.

Community and Feedback

Questions, comments, suggestions? To provide feedback about this release, to get help with any problems, or to stay connected with other developers building on Splunk please visit the community site.

File any issues on GitHub.

Community contributions via pull requests are welcomed! Go to the Open Source page for more information.

Also contains (for discoverability)

Examples, sample code, tests, demo

Release Notes

Version: 1.5.2

This is an update of the Splunk Reference App - PAS for Splunk Enterprise 6.5. It includes:
- Improvements for Splunk Enterprise 6.5
- Improved event generation
- Better refresh of custom visualizations

The most up-to-date version of the release notes is available at
https://github.com/splunk/splunk-ref-pas-code/blob/master/README.md

This reference app comes with associated guidance on how to build Splunk apps - http://dev.splunk.com/goto/devguide.

March 13, 2017, 7:22 p.m.

Platform Independent

6.5, 6.4, 6.3

Version: 1.5.0

This is an update of the Splunk Reference App - PAS to Splunk Enterprise 6.3. It includes new features and improvements, such as custom alerts, a keycard tracking dashboard, usage telemetry, and a refactored Google Drive data provider with a smooth OAuth2 token workflow manifested through the UI.

The most up-to-date version of the release notes is available at
https://github.com/splunk/splunk-ref-pas-code/blob/master/README.md

This reference app comes with associated guidance on how to build Splunk apps - http://dev.splunk.com/goto/devguide.

Sept. 21, 2015, 10:05 p.m.

Platform Independent

6.4, 6.3

Version: 1.0.1

The most up-to-date version of the release notes is available at
https://github.com/splunk/splunk-ref-pas-code/blob/master/README.md

This reference app comes with associated guidance on how to build Splunk apps - http://dev.splunk.com/goto/devguide.

March 16, 2015, 1:15 p.m.

Platform Independent

6.2

Version: 1.00

The most up-to-date version of the release notes is available at
https://github.com/splunk/splunk-ref-pas-code/blob/master/README.md

This reference app comes with associated guidance on how to build Splunk apps.

Jan. 27, 2015, 10:51 p.m.

OSX

6.2

Installs: 612
Downloads: 1,759
Version: 1.5.0
Category: Security, Fraud & Compliance; Utilities
Product Support: Splunk Enterprise, Splunk Cloud
Content Type: App
Splunk Versions: 6.4, 6.3
CIM Versions: CIM 4.2
Licensing: Apache 2.0
Platforms: Platform Independent
Community Supported