Downloading Cherwell App For Splunk
SHA256 checksum (cherwell-app-for-splunk_101.tgz) 2d5057578c554959d104d875ca584488193851532735758fa5b36e82fbe77fb0
SHA256 checksum (cherwell-app-for-splunk_100.tgz) 95b4e0b23945745041056f59a5771abf69d92c9fac2322463710dd2d0937fd45

Cherwell App For Splunk

This app has been archived. Learn more about app archiving.
This app is NOT supported by Splunk. Please read about what that means for you here.
The Cherwell App for Splunk contains dashboard visualizations that give insight into Cherwell Business Objects such as Incidents, Problems, Tasks, Change Requests and Configurable Items. It also contains a dedicated dashboard for analyzing all the Incidents created by the Custom Alert Action.

This App is designed to work with Cherwell Add-on for Splunk to provide operational visibility for your Cherwell CSM.


Cherwell App for Splunk provides insight into the incidents, configuration items, change requests, tasks and problems that are reported on your Cherwell instance.

  • Author - Cherwell
  • Version - 1.0.1
  • Build - 1
  • Creates Index - False
  • Uses KV Store - False
  • Uses Source type - cherwell:bo:<business_object_name_for_which_data_is_collected>
  • Prerequisite - Cherwell Add-on For Splunk
  • Compatible with:
    • Splunk Enterprise version: 6.6.x, 7.0.x and 7.1.x
    • OS: Platform independent

Application Installation

This application should be installed on the Splunk Search Head instance in your deployment. Follow the link below to install the app based on your deployment:


Once the app has been installed successfully, change the definition of the "cherwell_index" macro used by this app so that it points to the index in which "Cherwell Add-on For Splunk" collects data. By default this macro points to the main index. Follow the instructions below to change the macro definition:

  • Log in to the Splunk Web UI.
  • Navigate to Settings > Advanced search > Search macros.
  • Search for the "cherwell_index" macro and click on it to edit.
  • In the definition text box, change the index name to the one in which "Cherwell Add-on For Splunk" collects data.
  • Click on Save.

Note: You do not need to change the macro definition if the data is being collected into the main index.


This app contains various dashboards to give you insight into your Cherwell data. The table below provides a brief description of each dashboard in the app:

| Dashboard Name | Description |
| --- | --- |
| Overview | Provides a summary of the open incidents, tasks, change requests, and problems on the Cherwell instance. |
| Incident Summary | Provides a summary of the incidents reported on the Cherwell instance. |
| Incident Analysis | Provides analysis of the incidents reported on the Cherwell instance, such as open incidents by priority, category and team, average closure time of incidents, etc. |
| Splunk Created Incidents | Provides information on the incidents that are reported using Splunk on Cherwell. |
| Incident Details | Provides detailed information such as owner, customer, status, priority, etc. for each incident in a tabular format. |
| Change Request Summary | Provides a summary of the change requests reported on the Cherwell instance. |
| Change Request Analysis | Provides analysis of the change requests reported on the Cherwell instance, such as open change requests by priority and team, and change requests over time. |
| Change Request Details | Provides detailed information such as owner, start date, end date, status, priority, etc. for each change request in a tabular format. |
| Problem Summary | Provides a summary of the problems reported on the Cherwell instance. |
| Problem Details | Provides detailed information such as owner, service, status, priority, etc. for each problem in a tabular format. |
| Task Summary | Provides a summary of the tasks reported on the Cherwell instance. |
| Task Details | Provides detailed information such as owner, created date, closed date, status, etc. for each task in a tabular format. |
| CMDB Summary | Provides a summary of the configuration items and assets. |
| CMDB Details | Provides detailed information such as type, manufacturer, vendor, owner, etc. of each configuration item. |


  • Visualizations Not Populating: Verify that "Cherwell Add-on For Splunk" has been installed and configured. You can also verify whether data is being collected by running the query `cherwell_index` sourcetype="cherwell:bo:*".

Known Limitations

  • Widgets may display data for the "All Time" duration but show no data or inaccurate data for a particular time duration, e.g. "Last 2 hours", even though the data is present. This is caused by a daylight saving time issue in "Splunk Add-on For Cherwell": while daylight saving is in effect, some events may be indexed with a future date and time, so Splunk does not return them for the selected duration. These events are returned when the "All Time" duration is selected.
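
A search to check whether such future-timestamped events are present, added here as an example and not taken from the app or its documentation. It assumes the `cherwell_index` macro is configured as described under Application Installation; the two-day look-ahead window and the output field names are arbitrary choices.

```spl
`cherwell_index` sourcetype="cherwell:bo:*" earliest=now latest=+2d
| eval seconds_ahead = _time - now()
| stats count AS future_events, max(seconds_ahead) AS max_seconds_ahead, max(_time) AS latest_event_time BY sourcetype
| eval latest_event_time = strftime(latest_event_time, "%Y-%m-%d %H:%M:%S %z")
```

Any row returned means events of that source type carry timestamps later than the search time, which is why bounded ranges such as "Last 2 hours" miss them.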


Release Notes

Version 1.0.1
Sept. 26, 2018

Updated App Icons.

Version 1.0.0
Sept. 12, 2018

Initial Release
