The CloudKnox App for Splunk provides several visualizations to view the "Permission Analytics Report" data collected by the CloudKnox Add-on for Splunk.
This app has been distributed in two parts.
This app can be set up in two ways:
The CloudKnox App for Splunk can be installed through the UI using "Manage Apps" > "Install app from file", or by extracting the tarball directly into the $SPLUNK_HOME/etc/apps/ folder.
If you selected a default index in the "Data Input" configuration while configuring the CloudKnox Add-on for Splunk, you do not need to perform this step. (Note: by default, Splunk considers only the main index to be a default index.) If you specified any other index in the "Data Input" configuration, perform the following steps:
cloudknox(2) macro from the shown table.
index="main" sourcetype="cloudknox:$authSystemtype$:$category$". Update the definition with the index you used for data collection. For example:
cloudknox(2) macro. You can also verify that the data is in the index by running the search query