OpenDNS Detective App for Splunk
This app provides an SPL command (| opendns) to query the Investigate API
provided by OpenDNS. You must have a valid API key from OpenDNS in order
for this App to work.
Once the data is queried from the Investigate API, it's stored in the
opendns_cache KV Store configured by this App.
If you don't already have a dedicated KV Store instance in your
environment, then pick one (ideally a Search Head) to house the cache
KV Store for this App (opendns_cache).
By default, the opendns_cache KV Store is defined by this App. If you
decide to house it on another instance, you will need to define that
server address in the config.ini discussed below.
A user with access to the KV Store must be created; that user's
credentials, along with the server address, are stored in the
config.ini file discussed below.
The App should be placed on a Search Head, in the $SPLUNK_HOME/etc/apps
folder. The Search Heads will distribute the command to the Indexers as
part of Splunk's default behavior.
A) Create a directory in the App named: local
B) Copy the config.ini from the default directory to the new local
directory created in step A.
C) Edit the config.ini file in the local directory.
D) Restart Splunk
For licensing details, please contact Set Solutions, Inc.