The “Splunk App for Nextcloud” visualises Nextcloud (http://nextcloud.com) data that the “Nextcloud Add-on for Splunk” collects from Nextcloud-generated log files and from Nextcloud monitoring endpoints.
An Install Guide can be downloaded here:
https://intranet.graabek.com/cloud/index.php/s/Lc9oXkaWNmQHBqG
The following information is presented in dashboards:
* Overview.
  * Current status of the Nextcloud server (available, in maintenance, web server down, host unavailable).
  * Status breakdown for time period.
  * Successful and failed logins and ratio of the same.
  * Number of defined and active users.
  * Number of total shares and number of file operations.
* Nextcloud System Information.
  * Information about current Nextcloud server configuration.
  * Timeline of Nextcloud server upgrades.
* Users.
  * Number of defined and active users.
* Shares and Storage.
  * Number of shares, federated shares, files and free disk space.
* Sharing actions.
  * Who has shared (or unshared) what, with whom, how (public, user or group shares) and when.
* File and Folder Activity.
  * What file or folder operations have been performed by whom, when, from where. Ability to filter the file and folder activity by country and/or user.
* Public File Access.
  * What has been accessed via public shares, when and from where.
* Hardware information.
  * CPU load averages, free and used memory, database size.
* User/Group Operations.
  * When and by whom were users created or deleted, disabled or enabled, added or removed from groups, groups created or deleted.
* Password Changes.
  * Who has had their password changed, who changed it and from where. What password reset attempts there have been.
* User Login Activity.
  * Login activity over time and by location. Full login activity audit trail. Ability to filter the login activity by country and/or user.
* Failed Logins.
  * Failed logins shown from external and from internal IP addresses, over time and by user.
* File, Folder and User Audit.
  * Complete file and folder audit trail providing answers to questions such as "what file operations did user X perform when?" or "who did what to file Y when?" or "when did user X do something to file Y?"
* Virus Detection.
  * Statistics and information from the "Anti-virus for files" app for Nextcloud.
NOTE: Since Nextcloud v14, data is written to two separate log files, the nextcloud.log file and the audit.log file. Most of the data visualised by this app is in the audit.log file. Therefore, if you have upgraded your Nextcloud server to v14, you will find that the app is no longer visualising data, and you need to also ingest the audit.log file.
-This version of the app does not work with certain earlier versions of Splunk Enterprise. It may work with v7.3. It definitely works with 8.x.
-New dashboard:
-"Nextcloud Clients"
Get statistics on proportion of file operations performed using Nextcloud desktop or mobile/tablet apps.
Get visibility into which users use which version of desktop/mobile app. This can be used to identify users who are still using old clients.
-Updated information in "App debugging" dashboard means it is now possible to see if any dashboards have been modified locally.
-Two new dashboards:
-"Sharing Actions"
Shows any sharing actions performed by users, for example when a user shares a file or folder via a public link.
-"User/Group Operations"
Shows any users created or deleted, groups created or deleted, users added or removed from groups, users enabled or disabled + some statistics around the distribution, time and location of the operations.
Note: a Nextcloud "feature" means that your Nextcloud server needs to be v15.0.11 or higher to show users enabled.
-Fixed SPL query bug which caused the "Current Status" panel to not always show the correct status.
-Layout of "Overview" dashboard changed (sorry) and additional dashboard panels added displaying information about successful vs failed logins.
-New “Public File Access” dashboard. See information about files shared with the Nextcloud "Share link" feature.
-Several dashboards have additional dropdown filters.
-The beginnings of CIM compatibility. Authentication model done, change model almost done.
“Overview” dashboard:
-Trends are now shown as percentages instead of actual values.
-Drill-down fixed.
“File & Folder Activity” dashboard:
-One can now choose a file operation type.
-The “by country” dashboard panel no longer only shows clients accessing the Nextcloud server from a public IP address. Although it isn’t a country, if internal users are using a private IP address, the country is shown as “-internal-”.
“Password changes” dashboard:
-Additional panel added showing password reset attempts.
“Failed Logins” dashboard:
-Several panels now also show the user name that was used when the failed login occurred.
“File, Folder and User Audit” dashboard:
-Now also shows the IP address.
“User login activity” dashboard:
-Fixed “Top users by login country” to use the time chosen with the time picker.
“Virus detection” dashboard:
-The format of some messages from the Nextcloud Anti-virus app has changed; both formats are now accepted.
2.4.0 and 2.4.1 not available due to developer errors
Additional dashboards:
-User login activity
-App debugging
-New “Virus detection” dashboard. The "Anti-virus for files" app for Nextcloud must be installed for this dashboard to populate.
-Added the ability to enter a user name in the “File & Folder Activity” dashboard.
-Added more information to the “Nextcloud System Information” dashboard
-Added information to the “Overview” dashboard.
-Changed the default time period from 24 hours to “Last 7 days” in all dashboards.
-Alert configured for when Nextcloud reports that any Nextcloud apps can be updated. You will most likely want to edit the alert action to alert you via email, pushover, slack or whatever alert action is relevant for you.
-New App icon!
Change of menu layout and additional dashboards:
-Nextcloud System Information
-Password changes
-Failed logins
-File, folder and user audit
-Although not a new dashboard, the "File & Folder Activity" dashboard contains additional panels.
-Additional dashboard for visualising file and folder activity derived from nextcloud.log.
-Configuration to ensure multi-line XML and JSON ingests are always ingested as one event.
-Name change