This is a utility to actively monitor one or more Splunk indexes for integrity control enablement and integrity validation output. Finally, the results are indexed for alerting and reporting.
Deploy to only ONE indexer.
Modify integrity_check.sh to identify which index you would like to monitor. Currently it checks the superSecureDataStore index. You can monitor multiple indexes with a few adjustments.
Use this at your own risk, it's a proof-of-concept.
This was created on my own and is not supported or endorsed by my employer.
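One way the multi-index adjustment could look, as an added sketch that is not the app's integrity_check.sh. It assumes the script runs as a scripted input whose stdout is indexed; the SPLUNK_BIN and INDEXES variables, the function names and the key=value event layout are all hypothetical. The exit status and output of check-integrity are passed through uninterpreted.

```shell
#!/bin/sh
# Added example, not the app's own script. Assumed names: SPLUNK_BIN, INDEXES,
# and the key=value layout of the emitted event lines.
SPLUNK_BIN="${SPLUNK_BIN:-/opt/splunk/bin/splunk}"
INDEXES="${INDEXES:-superSecureDataStore}"   # space-separated list of indexes

# Print "true" if the merged indexes.conf view (btool) has
# enableDataIntegrityControl switched on for the index, else "false".
integrity_enabled() {
    "$SPLUNK_BIN" btool indexes list "$1" 2>/dev/null |
        awk -F'=' '/^[[:space:]]*enableDataIntegrityControl[[:space:]]*=/ {
            gsub(/[[:space:]]/, "", $2); v = tolower($2)
        }
        END { if (v == "1" || v == "true") print "true"; else print "false" }'
}

# Emit one header line per index, followed by the raw validation output.
# Validation is skipped when integrity control is off for the index.
check_index() {
    ci_enabled="$(integrity_enabled "$1")"
    ci_out=""
    ci_rc="skipped"
    if [ "$ci_enabled" = "true" ]; then
        ci_out="$("$SPLUNK_BIN" check-integrity -index "$1" 2>&1)" && ci_rc=0 || ci_rc=$?
    fi
    printf '%s index=%s integrity_control_enabled=%s check_integrity_exit=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$ci_enabled" "$ci_rc"
    if [ -n "$ci_out" ]; then
        # Indent raw tool output so it stays attached to its header line.
        printf '%s\n' "$ci_out" | sed 's/^/    /'
    fi
    return 0
}

# Walk every configured index.
run_all() {
    for ra_idx in $INDEXES; do
        check_index "$ra_idx"
    done
}

# Only run when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then
    run_all
fi
```

An index that reports integrity_control_enabled=false is worth alerting on by itself, since no hashes are being computed for its buckets.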