Zabbix Add-on For Splunk
Zabbix Add-on For Splunk provides functionality to send Splunk logs to Zabbix.
Author - Bhavik Bhalodia
Creates Index - False
Splunk Enterprise version: 7.3.x, 8.0.x, 8.1.x
OS: Platform independent
Splunk Cloud / Splunk Enterprise
- Configure Zabbix Trapper on the Zabbix server. (https://www.zabbix.com/documentation/4.0/manual/config/items/itemtypes/trapper)
Installation Location: Search Head(s)
Install the TA bundle by:
1) Downloading the TA package
2) In the UI navigate to: “Manage Apps”
3) In the top right corner select ‘Install app from file’
4) Select ‘Choose File’ and select the TA package
5) Select ‘Upload’ and follow the prompts – restarting Splunk as necessary
Scheduled Search Format:
1) The result of the scheduled search must contain a field called "zabbix_key". This field will be matched with the hostname/Key configured in Zabbix.
2) If the user wants to add a record for a particular time, add a "time" field to the result of the Splunk search. The value of this time field must be in "UNIX" format.
3) The remaining column names of the search result must match the items configured in the Zabbix server.
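The following is an added example, not the add-on's own code. It checks search-result rows against the three format rules above and frames the accepted values as a Zabbix sender request for a Trapper item. Assumptions: "zabbix_key" is used as the Zabbix host name, and the host and item names in the sample rows are constructed.

```python
import json
import struct

# Constructed sample rows, shaped like scheduled-search results (not real data).
ROWS = [
    {"zabbix_key": "splunk-sh01", "time": "1614592800",
     "splunkd.errors": "12", "license.usage_mb": "5120"},
    {"zabbix_key": "splunk-sh01", "time": "2021-03-01T10:00:00",
     "splunkd.errors": "3"},                      # time is not UNIX epoch
    {"time": "1614592800", "splunkd.errors": "7"},  # zabbix_key missing
]

def rows_to_items(rows):
    """Check each row against the search format; return (items, errors)."""
    items, errors = [], []
    for n, row in enumerate(rows):
        # Assumption: zabbix_key carries the Zabbix host name.
        host = str(row.get("zabbix_key", "")).strip()
        if not host:
            errors.append((n, "missing zabbix_key"))
            continue
        clock = None
        if "time" in row:
            try:
                clock = int(float(row["time"]))
            except (TypeError, ValueError, OverflowError):
                errors.append((n, "time is not a UNIX timestamp"))
                continue
        # Every remaining column is treated as one Zabbix item key.
        for key, value in row.items():
            if key in ("zabbix_key", "time"):
                continue
            item = {"host": host, "key": key, "value": str(value)}
            if clock is not None:
                item["clock"] = clock
            items.append(item)
    return items, errors

def build_sender_packet(items):
    """Frame items as a Zabbix sender request: header, length, JSON body."""
    body = json.dumps({"request": "sender data", "data": items}).encode("utf-8")
    return b"ZBXD\x01" + struct.pack("<Q", len(body)) + body

if __name__ == "__main__":
    items, errors = rows_to_items(ROWS)
    print(len(build_sender_packet(items)), "bytes;", "rejected rows:", errors)
```

Rows that fail the check are reported by index instead of being forwarded, so a malformed search result does not silently write a value under the wrong host or timestamp.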