icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Log4Shell Vulnerability: Information and guidance for you. Get resources.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading IRI Voracity Data Munging and Masking App for Splunk
SHA256 checksum (iri-voracity-data-munging-and-masking-app-for-splunk_108.tgz) d4c84d2a25a1a54628cb1c57415ab1544954dcaf7066ccee8e0757d7575addec SHA256 checksum (iri-voracity-data-munging-and-masking-app-for-splunk_102.tgz) 70ed14bea9b85d37f4c79b5179ba5213d3324ba681b04cd8a1b8b07d3928a03d SHA256 checksum (iri-voracity-data-munging-and-masking-app-for-splunk_101.tgz) d84633722493a277e83658e0fca1797e462c4fa1c3e466a18bc4c213595839e6 SHA256 checksum (iri-voracity-data-munging-and-masking-app-for-splunk_100.tgz) c1eb8df727ebd8898d8c865a719bf332bd3515cc54260af75d29b91b24f52c5a
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


IRI Voracity Data Munging and Masking App for Splunk

The IRI Voracity Data Munging & Masking App for Splunk is the best way to feed the myriad data targets of IRI Voracity and its component data discovery, integration, migration, governance, and analytic operations to Splunk Enterprise or Splunk Enterprise Security.

The benefit of all this is seamless, simultaneous operational data-to-information flow ... from Voracity’s fast preparation and protection of big and small data sources to Splunk’s powerful visualizations and adaptive response framework. In a single pass through multiple inputs, Voracity jobs can transform, filter, cleanse, reformat, and stage (wrangle) data for analytics, and de-identify the PII within for compliance and data breaches.

The app takes data produced by IRI jobs defined in the 4GL (*.cl) job scripts of "SortCL"-compatible products in Voracity -- including CoSort, NextForm, FieldShield and RowGen -- and automatically indexes their results into Splunk at specified intervals. This IRI App for Splunk is also capable of running additional command line arguments available to these jobs, such as /WARNINGSON, /STATISTICS, and additional /OUTFILE targets.

Note that this app is a modernized, and extended version of the 2016 (and still available) IRI Add on for Splunk. The add-on provides a similar run-and-index service, but without the newer features or packaging of this new app.

While the app is free, it will not produce any data without an attendant IRI product license. Visit www.iri.com, email voracity@iri.com, or call +1.321.777.8889 for more information..

In Q3’19, IRI created a new, free app for Splunk Enterprise and Enterprise Security users that seamlessly indexes data from any Voracity platform data wrangling or protection job. The app -- available on Splunkbase -- is the modern successor to the 2016 Voracity add-on to Splunk, and an alternative to using Splunk Universal Forwarder to index the data.

The app functions as an invocation and integration point for the execution and use of different SortCL-compatible jobs and their results; i.e.,

IRI CoSort data cleansing and transformation
IRI NextForm data migration and replication
IRI FieldShield PII discovery and de-identification
IRI RowGen test data synthesis and population

The app launches these existing jobs -- usually created graphically in IRI Workbench, an IDE built-on Eclipse, -and automatically ingests and indexes the output data from those jobs into Splunk. From there, the data is ready for Splunk’s usual analytics, visuals and actions.

The app works by running any specified IRI job script as a modular input given its specified location. It also accepts and executes additional SortCL command line arguments to the script, such as /WARNINGSON, /STATISTICS, or another named /OUTFILE target. The data flowing to Splunk through the app should be specified in a structured record format.

Installing the IRI App for Splunk

There are two options to install the IRI app:
download the app from Splunkbase and install it via the “install from file” button within your Splunk instance; or,
search for “IRI Voracity Data Munging and Masking App for Splunk” and have it installed directly.

Creating a Data Input / Modular Input

The input to Splunk is the output of a Voracity job. The first /OUTFILE target in the job must be set to stdout for the data to be indexed into Splunk. Additional command line arguments can be specified in a modular input, including additional /OUTFILE= sections to add other output locations in addition to the pipe into Splunk.

Select the Voracity app from the dropdown menu in the upper-left corner of Splunk. “Inputs” should be the default page of the app. To create an input, select the “Create New Input” button and select the IRI Voracity (SortCL) Job to run, which will produce the input data for Splunk.

Enter a unique name for the data input (without spaces). Set the interval and index location for the data input.

The interval indicates how often the modular input will be run. The modular input involves invoking SortCL from the command line with a specified IRI Job location and any other specified additional command line arguments. The index selector specifies what index the data will be stored in. The IRI Job Location field must be filled with the full path to the IRI job (.*cl file).

Additionally, seven different command line arguments can be added to the Modular Input to be run. These commands include /STATISTICS=, /WARNINGSON, /WARNINGSOFF, /DEBUG, /RC, /MONITOR=, and /OUTFILE=. Background on the SortCL program and its syntax can be found in the CoSort overview booklet.

An extra file path must be specified if a command ends in '='. This field should be left blank if no command is selected or a command that does not end in '=' is selected.

Finally, click the “add” button at the bottom of the dialog. The name of your new input (*.scl job script file) should now be listed in the data inputs table.

Searching the Results

To search the results now available in Splunk, select “Search” from the navbar of the IRI App. Type “Source= “name_of_modular_input_type://modular_input_name”” to search the data indexed by the modular input.

This can also be accessed by clicking “Data Summary” and selecting the source from the “Sources” menu. Use Splunk commands such as |stats, |chart, and |timechart to help visualize your data. See this article for a prior example.


Here is an example of U.S. president data from 1900 onward sorted in a simple CoSort SortCL job, and then indexed and visualized by Splunk:


In addition to visual analytics, you can also use the Splunk Adaptive Response Framework or a Phantom Playbook to take action on production or log data prepared in Voracity across a wide range of industries and applications. Examples would be wrangling customer transactions for Splunk to flag for promotion and pricing decisions, and MQTT or Kafka fed sensor data aggregated (and anonymized) by Voracity for Splunk to use in diagnostic or preventive alerts.

Contact voracity@iri.com if you would like help building out data preparation, presentation, and prescriptive scenarios using Voracity and Splunk.

Release Notes

Version 1.0.8
Sept. 2, 2020

Splunk Enterprise 8.0 Compatibility- migrated to Python 3

Version 1.0.2
Aug. 22, 2019

Updated app icon

Version 1.0.1
Aug. 22, 2019

Fixed permissions issues within the app.

Version 1.0.0
Aug. 22, 2019

V 1.0.0

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.