Author | Mikael Bjerkeland |
---|---|
App Version | 1.0 |
Vendor Products | Cisco Umbrella/OpenDNS |
Has index-time operations | True |
Create an index | False |
Implements summarization | False |

The Umbrella Add-on for Splunk Enterprise allows a Splunk® Enterprise administrator to index, extract and filter event information from the Cisco Umbrella/OpenDNS service using AWS S3 bucket data.
The app is CIM compliant.
No scripts or binaries are included.
Version 1.0 of the Umbrella Add-on for Splunk Enterprise is compatible with:
Splunk Enterprise versions | 6.x |
---|---|
CIM | 4.8, 4.7 |
Platforms | Platform independent |
Vendor Products | Cisco Umbrella/OpenDNS |
Lookup file changes |

Umbrella Add-on for Splunk Enterprise includes the following new features:
Version 1.0 of the Umbrella Add-on for Splunk Enterprise fixes the following issues:
Version 1.0 of the Umbrella Add-on for Splunk Enterprise has the following known issues:
Version 1.0 of the Umbrella Add-on for Splunk Enterprise incorporates the following third-party software or libraries.
The Umbrella Add-on for Splunk Enterprise is community supported. If you require professional support, please contact the author.
Best-effort support is available via Splunk Answers.
Umbrella Add-on for Splunk Enterprise supports the following server platforms in the versions supported by Splunk Enterprise:
To function properly, Umbrella Add-on for Splunk Enterprise requires the following software:
Because this add-on runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.
Download the Umbrella Add-on for Splunk Enterprise at https://apps.splunk.com/app/3629/.
To install and configure this app on your supported platform, follow these steps:
Follow these steps to install the app in a single server instance of Splunk Enterprise:
Install to search head
Install to indexers
This app should not be installed on indexers
Install to forwarders
Install this app on a Heavy Forwarder used as a data collection node
Follow the same steps as Install to search head.
Follow the same steps as Install to search head.
Unknown
Follow this procedure on your Data Collection Node, which may be a Heavy Forwarder or, in a single-instance Splunk deployment, your Splunk server:
If you have a standalone Heavy Forwarder, follow all steps. On your search head you should only do step 1.
This app provides search-time knowledge for the following types of data:
Search-time
These data types support the following Common Information Model data models:
Source Type | CIM Data Models |
---|---|
opendns:dnslog | Network Resolution (DNS) |

The Umbrella Add-on for Splunk Enterprise contains 1 lookup file.
opendns_categories.csv
Lookup for OpenDNS category names