Warning
Splunkbase Classic has been deprecated and will be deactivated on February 18, 2026.
Warning

This app is archived.

NetWitness Query App for Splunk

The NetWitness Query App for Splunk connects to a NetWitness Concentrator and regularly polls the NetWitness API for new session metadata. Splunk can then index the collected metadata for timely analysis and processing.

Built by
splunk product badge

Latest Version 1.0.0
July 20, 2023
Compatibility
Splunk Enterprise
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0
CIM Version: 3.x
Rating

0

(0)

Support
Not Supported
The NetWitness Query App for Splunk connects to a NetWitness Concentrator and regularly polls the NetWitness API for new session metadata. Splunk can then index the collected metadata for timely analysis and processing. The application offers two distinct polling options: users can collect either all of the recently available session metadata or only specific metadata retrieved selectively from NetWitness.

Categories

SIEM

Created By

NetWitness Platform

Type

app

Downloads

298
