Hands-on, vendor-neutral observability

See the tooling that keeps telemetry honest.

A practitioner-built catalog of Splunk apps, Cribl packs, and SPL utilities — the same tooling running against real production scale. Explore each one, watch it work, then try it yourself.

Browse the catalog
Featured

See it run

Pick a demo below — the player swaps to whatever you choose.

Now playingAttack Analyzer — Demo

Demo video coming soon

Drop the file at and it plays here automatically.

Demos · tap to swap
Attack Analyzer2:40 · blast radius
Innovators Toolkit1:50 · UI walkthrough
Cardinality Pack2:10 · −90% volume
SPL Judge1:30 · live scoring
★ Featured apps
walkthrough

Splunk Innovators Toolkit

Dashboard UI library

Modals, toasts, form controls, progress bars, and data tables for Splunk dashboards.

Splunkbase →
−90%
before / after

Cardinality Reduction Pack

Cribl Stream

Drop high-cardinality labels and aggregate noisy metrics before they hit your TSDB.

Cribl Dispensary →GitHub
live scoring

SPL Judge for Splunk

Browser extension

Score your SPL against 70+ best-practice rules with real-time feedback and tips.

Chrome Web Store →
Splunk · source = splunkbase

Splunk Apps

Production-ready apps for Splunk admins and SOC teams — investigation, asset visibility, governance, and dashboard tooling.

Splunk Innovators Toolkit

Dashboard UI library

A UI component library for Splunk dashboards — modals, toasts, form controls, progress bars, and data tables.

ModalsToastsFormsData Tables
Splunkbase →
blast radius

Attack Analyzer

Enterprise Security companion

Animated blast radius, MITRE ATT&CK coverage, kill-chain reconstruction, and IOC enrichment across 9+ ES data models.

Splunk ESMITRE ATT&CKBlast RadiusSOC
Splunkbase →

Asset Tracker

Inventory & lifecycle

Discover, classify, and track every asset across your Splunk environment. Real-time inventory, ownership, and lifecycle visibility for IT and security.

Asset DiscoveryInventorySplunk App
Splunkbase →

Ellington Cyber Academy

SIEM training platform

A SIEM training platform for entry-level analysts — 150 SPL challenges, sample security data, and hands-on threat-detection exercises.

SIEM Training150+ ChallengesDetection
Explore →
soon

Cost Governance

License & search cost

Monitor license usage, search cost, and resource consumption — and apply governance policies automatically.

LicenseCost Analysis
soon

Data Heartbeat

Gap detection

Watch source types for data gaps. Detects when a source type stops logging and flags it against configurable thresholds.

Gap DetectionAlerts
Cribl · source = dispensary

Cribl Packs

Purpose-built packs for Cribl Stream — shape, reduce, and route observability data to cut volume and keep the signal.

−90%
before / after

Cardinality Reduction Pack

Metric volume control

Drop high-cardinality labels and aggregate noisy metrics before they hit your TSDB. Typical environments cut metric volume by 60–90%.

Cribl StreamMetricsCost Reduction
Cribl Dispensary →GitHub

Data Tap

Live in-flight capture

Live-capture pack for Cribl Stream. Sample and inspect data in-flight without disrupting your pipelines or touching destinations.

Cribl StreamLive CaptureSampling
Cribl Dispensary →
Extensions · source = chrome web store

Browser Extensions

Workflow upgrades for anyone who lives in the SPL search bar.

Tab Complete for Splunk

SPL autocomplete

Terminal-style tab completion for SPL with fish-style ghost text from your search history, plus 40+ built-in abbreviations for faster queries.

Ghost TextTab CompletionAbbreviations
Chrome Web Store →
live scoring

SPL Judge for Splunk

SPL scoring & tips

Score your SPL against 70+ best-practice rules. Real-time feedback, optimization tips, achievements, and efficiency tracking.

70+ RulesReal-time ScoringAchievements
Chrome Web Store →
Community · source = the network

The Network

One vendor-neutral umbrella, two vendor communities. Monthly content drops, tutorials, and early access to everything above.

Splunk Innovators Network400+ members · monthly content drops
Join SIN →
Cribl Innovators NetworkEarly access · pack tutorials
Join CIN →

Need a tool we haven't built yet?

Questions about a tool, a feature request, or interested in the network? Reach out directly — this catalog grows from practitioner requests.

Get in touch