
TA-osquery

A Splunk Technology Add-On that ingests, parses, and CIM-maps osquery host telemetry for use in Splunk security apps.

Built by: Splunk (product badge)

Latest Version 1.0.4
March 19, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.3, 10.2, 10.1, 10.0, 9.4, 9.3
CIM Version: 4.x
Rating: 0 (0 ratings)
Support: Developer Supported add-on

TA-osquery v1 is a Splunk Technology Add-On that collects and normalizes host telemetry from osquery. It parses osquery's JSON log output, fixes timestamps, and maps process and file activity events to Splunk's CIM Endpoint data model, making the data immediately usable in Splunk ES and other security apps. No custom code: purely configuration-driven.

Categories

Endpoint, SIEM

Created By

Rod Soto

Contributors

Rod Soto, Raven Tait

Type

addon

Downloads

9
