The THOR App includes:
The THOR Add-on includes:
- Event Type Definitions
- Source Type Configuration
If you use Splunk as a simple Syslog Receiver, you have to install the new THOR Add-on and the new THOR App on that system.
If you use Splunk Forwarders to collect your data, you can now deploy the THOR Add-ons on the Forwarders with the Deployment Manager and the lightweight THOR App on the Search Head.
Upgrading from Version 1:
The Add-on no longer includes the index "thor". After upgrading from version 1 to version 2, create a new index named "thor" with at least the size of the old index; the index and its indexed data will then reappear. (No warranty; we recommend creating a backup of that index.)
- Allows analysis of LOKI logs (https://github.com/Neo23x0/Loki)
- Bugfixes in thor-remote.exe: better defaults, bugfix in wildcard system name selection
- Allowing wildcards in the hostname field of thor-remote's execution schedule
- Appended ".sample" to the "thor-remote.cfg" and "schedule.csv" so that configs are not overwritten by Add-on updates
- Bugfixes in thor-remote function
- Minor bug fixes
- Bugfix: Tag "false_positive" cannot be empty
- First Release of THOR Add-on v2
- Published as new Add-on as it breaks with many configurations of Add-on version 1