Custom scripts in Splunk



I need to understand that does SPLUNK supports creating our own scripts/java codes to read data from some security devices which have custom API to read data from.
Like, sourcefire estreamer user custom API, so can I built my own code in SPLUNK which reads data from sourcefire. If yes then how it is possible?
Do we have some links available?

Tags (1)


Perhaps the solution is even easier, have you looked at the Splunk for Sourcefire app?


Thanks @martin_mueller for valuable information.

@derekarnold, I have considered this as an option but what I am curious is about the reliability of these apps. If something goes wrong tomorrow so who can support this? Do we have separate license for these apps?

0 Karma


Yes, custom inputs can be plain scripts or modular inputs.

You mentioned Java - the Java SDK has support for modular inputs as well.

You can package those inputs in your own app if you like, and even publish that on Splunk Apps (optional).