
Technology add-on for macOS

The Technology Add-on for macOS Endpoint Logs (TA-macOS) provides index-time and search-time configurations for collecting and normalizing endpoint logs from macOS systems that have the Splunk Universal Forwarder installed. It focuses on native macOS logs, specifically `/var/log/system.log` and `/var/log/install.log`, and turns them into analytics-ready data for security and operations use cases.

Latest Version 1.0.0
December 2, 2025
Compatibility
Not Available
Platform Version: 10.1, 10.0, 9.4, 9.3
CIM Version: 6.x, 5.x
Support
Developer Supported addon
This add-on defines consistent sourcetypes, handles multiline events correctly, extracts core fields, and provides CIM-friendly eventtypes and tags that support Splunk Enterprise Security data models such as Authentication, Change, and Endpoint.

Categories

Created By

Travis Lelle

Type

addon

Downloads

24
