The THOR Add-on contains all event types, field extractions, transforms, tags and lookups for the THOR Splunk App.
If you use Splunk as a simple syslog receiver, you have to install both the new THOR Add-on and the new THOR App on that system.
If you use Splunk Forwarders to collect your data, you can now deploy the THOR Add-on on the Forwarders with the Deployment Manager and the lightweight THOR App on the Search Head.
Steps to get data into the Splunk App:
Use sourcetype="thor" for all your inputs (files/udp/tcp)
Recommendation:
Create an index named "thor" and add this index to the base event type definition (Settings > Event Types > "thor_events"):
sourcetype=thor AND index=thor
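The steps above as Splunk configuration stanzas. This is an added example, not part of the original listing or the vendor's shipped configuration. The monitored path, the port numbers and the location of the local override file are assumptions to adapt to your environment.

```ini
# indexes.conf (on the indexer): dedicated index for THOR events
[thor]
homePath   = $SPLUNK_DB/thor/db
coldPath   = $SPLUNK_DB/thor/colddb
thawedPath = $SPLUNK_DB/thor/thaweddb

# inputs.conf (on the syslog receiver or forwarder)
# Every input carries sourcetype "thor" so the add-on's field
# extractions, transforms, tags and lookups apply to it.

# File input: the path is an assumed location for THOR log files
[monitor:///var/log/thor/*.log]
sourcetype = thor
index = thor

# UDP syslog input: the port is an assumption
[udp://514]
sourcetype = thor
index = thor

# TCP syslog input: the port is an assumption
[tcp://1514]
sourcetype = thor
index = thor

# eventtypes.conf (local override of the add-on's base event type;
# equivalent to editing Settings > Event Types > "thor_events")
[thor_events]
search = sourcetype=thor AND index=thor
```

Events sent with a different sourcetype or into a different index will not match the "thor_events" base event type once it is restricted this way, so check both values on every input.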
Categories
Security, Fraud & Compliance