Splunk .conf22 App Announcements

Splunk’s annual user conference is fast approaching, packed with exciting talks, people, and innovation.
What better time to announce that Datapunctum will be releasing not one but two new Splunk applications to the market!

ElasticSPL – Splunk Add-on for Elastic

The ElasticSPL add-on allows users to run Elastic queries directly from within Splunk, bringing the power of Splunk reporting and visualisation to your Elasticsearch data!

This is especially useful for use cases where specific data resides within Elasticsearch and is not yet available within the Splunk platform. Users needing to query and visualise this Elastic data can do so using the power of SPL from within Splunk.

Read more about the add-on in our separate blog post here.

ReStream – Splunk Add-on for Cribl Stream Replay

The Splunk Add-on for Cribl Stream Replay, also known as the ReStream App, brings the excellent Cribl Stream Replay functionality to Splunk users. The ReStream add-on enables easy management of "low-value" log data stored in low-cost data lakes.

To analyse data stored in a low-cost data lake from within Splunk, the data needs to be replayed and indexed within the platform. Replay activities are currently limited to administrators of the Cribl product using the standard Cribl tools, but the ReStream add-on allows users from within Splunk to selectively ingest this data into Splunk for their respective analytical workloads.

Even better: the replay job can be triggered automatically, e.g. by an Enterprise Security correlation search, to replay additional evidence from data written to low-cost forensic stores.

Read more about the add-on in our separate blog post here.

Pre-Release and General Availability

Both apps will be released in early August. Please contact us at apps (at) datapunctum.ch if you’re interested in testing a pre-release.