SHA256 checksum (bitcoin-observer_11.tgz): 1338a3581ac360e4fe023cbe537eb93e9517f7ce1a7bb94676d9e31238959f66
SHA256 checksum (bitcoin-observer_10.tgz): b871cf264e4bb0e606af57c03a86159be839fac43596806c26a5255cc895e291

Bitcoin Observer

This app is NOT supported by Splunk. Please read about what that means for you here.
Overview

The block chain serves as the public general ledger for all Bitcoin transactions, and as such contains a wealth of information. Using scripted inputs to connect to the Blockchain.info data API makes it possible to leverage Splunk to easily gain insight into the inner workings of the Bitcoin network.

Details

This application connects to the blockchain.info website API to retrieve bitcoin blockchain data.

Requires a Splunk Enterprise 6.x installation running on Linux.

Data collection is accomplished via 3 scripted inputs, which rely on a local python install (not the version bundled with Splunk) and the blockchain module.

The module can be installed by running 'pip install blockchain' from the command prompt.

Script detail:

bcblock.py - Returns info related to the latest block. The script uses a local key file which is updated with the block_height of the most recent block, so that each block is collected once. The script retrieves all of the transactions for each individual block.
bcchart.py - Returns BTC values vs world currencies.
bcstat.py - Returns higher level stats for the bitcoin network.

If there is a problem collecting data, try running the scripts manually via the corresponding wrapper scripts in the bin directory (bcblock.sh, bcstats.sh, bcchart.sh).
Verify that the python path is correct, that the blockchain module is installed, and that there is connectivity to the blockchain.info site.

Splunked data is sent to the bitcoin index. When performing manual searches, use index=bitcoin.
The "eventcat" field is used to label six different event types:
eventcat=block - high level block information
eventcat=transaction - detailed transaction objects for individual blocks
eventcat=input_from - addresses that have received bitcoins and the corresponding amounts
eventcat=output_to - addresses that have sent bitcoins and the corresponding amounts
eventcat=stat - high level bitcoin network statistics
eventcat=currency - bitcoin value vs foreign currencies

The 'block_height' field is used as a common identifier across the block, transaction, input_from and output_to event types.
The 'tx_index' field is used as a common identifier to link transaction events to their input_from and output_to events.

Traversing a block to a bitcoin address follows this path:

block -> transaction -> input_from

block -> transaction -> output_to
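The event model above (one block event, one transaction event per transaction, and one input_from/output_to event per input or output, all keyed by block_height and tx_index) is easiest to see with a small flattener. The following Python is an added example, not part of the Bitcoin Observer app or of the blockchain module: it takes a constructed block record whose field names (height, tx, tx_index, inputs, prev_out, out, addr, value, relayed_by) are assumptions loosely modelled on blockchain.info's raw block JSON, emits one JSON line per event with the eventcat label, and then walks block -> transaction -> input_from/output_to for a single address using tx_index as the join key.

```python
"""Flatten a block record into eventcat-labelled events and traverse them.

Added example; the sample block is constructed and the field names are
assumptions, not the app's or the blockchain module's real output.
"""
import json
from collections import defaultdict

SATOSHI_PER_BTC = 100_000_000

# Constructed sample block (not real chain data).
SAMPLE_BLOCK = {
    "height": 350000,
    "hash": "0000000000000000placeholder_block_hash",
    "time": 1428000000,
    "tx": [
        {   # coinbase transaction: its single input has no previous output
            "tx_index": 1001,
            "relayed_by": "127.0.0.1",
            "inputs": [{}],
            "out": [{"addr": "1MinerAddrExample", "value": 2_500_000_000}],
        },
        {
            "tx_index": 1002,
            # Only the first IP blockchain.info saw broadcast the tx; not
            # necessarily the originator (see the location note above).
            "relayed_by": "192.0.2.10",
            "inputs": [{"prev_out": {"addr": "1SenderExample", "value": 100_000_000}}],
            "out": [
                {"addr": "1ReceiverExample", "value": 60_000_000},
                {"addr": "1SenderExample", "value": 39_990_000},  # change output
            ],
        },
    ],
}


def block_to_events(block):
    """Return one dict per Splunk event, each tagged with an eventcat label.

    block_height is carried on every event; tx_index links a transaction
    event to its input_from and output_to events.
    """
    height = block["height"]
    events = [{
        "eventcat": "block", "block_height": height, "hash": block["hash"],
        "time": block["time"], "tx_count": len(block["tx"]),
    }]
    for tx in block["tx"]:
        idx = tx["tx_index"]
        events.append({
            "eventcat": "transaction", "block_height": height, "tx_index": idx,
            "relayed_by": tx.get("relayed_by"),
            "n_inputs": len(tx["inputs"]), "n_outputs": len(tx["out"]),
        })
        for inp in tx["inputs"]:
            prev = inp.get("prev_out")
            if not prev:          # coinbase input: nothing to attribute
                continue
            events.append({
                "eventcat": "input_from", "block_height": height, "tx_index": idx,
                "addr": prev["addr"], "amount_btc": prev["value"] / SATOSHI_PER_BTC,
            })
        for out in tx["out"]:
            events.append({
                "eventcat": "output_to", "block_height": height, "tx_index": idx,
                "addr": out["addr"], "amount_btc": out["value"] / SATOSHI_PER_BTC,
            })
    return events


def to_splunk_lines(events):
    """Serialise events as newline-delimited JSON, one event per line."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)


def count_by_category(events):
    """Equivalent of `index=bitcoin | stats count by eventcat` on these events."""
    counts = defaultdict(int)
    for e in events:
        counts[e["eventcat"]] += 1
    return dict(counts)


def address_activity(events, addr):
    """Follow block -> transaction -> input_from / output_to for one address.

    Returns {tx_index: {"block_height": h, "input_from": btc, "output_to": btc}}.
    """
    by_tx = defaultdict(lambda: {"block_height": None, "input_from": 0.0, "output_to": 0.0})
    for e in events:
        if e["eventcat"] in ("input_from", "output_to") and e["addr"] == addr:
            rec = by_tx[e["tx_index"]]
            rec["block_height"] = e["block_height"]
            rec[e["eventcat"]] += e["amount_btc"]
    return dict(by_tx)


if __name__ == "__main__":
    evs = block_to_events(SAMPLE_BLOCK)
    print(to_splunk_lines(evs))
    print(count_by_category(evs))
    print(address_activity(evs, "1SenderExample"))
```

Run as a script it prints the flattened events followed by the per-eventcat counts and the activity for 1SenderExample; the coinbase input is skipped rather than emitted as an input_from event with no address, which is the one edge case a flattener for this data has to handle.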

Navigation:

There are 7 views available with the app.

'Meta Stats' and 'Miner Stats' contain overview stats and trends for the bitcoin network. This includes the current block height, transaction trends, hashrate, minutes between blocks, etc.

'Bitcoin Address Info' provides details on the most re-used bitcoin addresses in the last 24 hours. Drilling down on a bitcoin address in the pie charts provides a way to see transaction amounts for this address and a map detailing the location of the transaction.
A note about the accuracy of location information: Bitcoin uses peer-to-peer connections to share the transaction database called the "Blockchain". This app uses the blockchain.info "Relayed by IP" address to determine location.
This is just the first IP address that blockchain.info saw broadcast the transaction, not necessarily the IP address that originated the transaction.
Mobile wallets and non-full nodes typically do not broadcast IP information.
More detail about how IP addresses are handled on the bitcoin network can be found here:
http://cointext.com/bitcoin-and-ip-address-privacy/

'Bitcoin Address Query' provides a form that allows a search on a specific bitcoin address to see historical transaction information.

'Block Explorer' provides a way to drill down to individual blocks and transactions to see specific transfer amounts.

'Currency Charts' provides a trend chart of bitcoin value vs a basket of currencies.

'GeoLocation' provides a world view map of recent transactions.

Release Notes

Version 1.1
Oct. 23, 2017

Fixed a python module dependency

Version 1.0
Jan. 22, 2015
