Open source & paid Splunk apps

Splunk apps worth trying.

Open source and paid apps for Splunk, from natural-language SPL to drag-and-drop dashboards. Spin up any of them on your own node, free, and keep the ones that earn their place.

  • No credit card
  • 30-day trial
  • Verifies offline
  • Splunk Cloud + SHC

Apps live today. All free to try.

Paid

AI Query Assistant for Splunk

from $9.9/mo

Natural-language to SPL with templates and history.

  • Natural-language to SPL
  • Multi-provider AI
  • Per-user query history
Open source

Event Builder for Splunk

Free · open source

Author and stage Splunk events without leaving the SPL workbench.

  • Drag-drop authoring
  • Live SPL preview
  • Component library

Licensing infrastructure, not just a storefront.

Signing, activation, renewal, and audit. Everything to sell a Splunk app and keep it honest in the field, signed with a key that never leaves the server.

POST /v1/admin/issue → 201 signed
alg: RSA-PSS · 3072 · node-locked
sig: verified ✓ · offline ok

Issue a signed license in one click

Take payment or start a trial and the server returns an RSA-PSS signed, node-locked token. No manual key handling, ever.

Operator console

Audit every issue, renewal, and revoke. Track activations per host across the whole catalog.

Verify locally, anywhere

Licenses verify on the customer's install against the public key. No SaaS round-trip, online or air-gapped.

Zero-downtime key rotation

Rotate from RSA-2048 to 3072 without breaking a single license already in the field. Splunk Cloud and Search Head Clusters supported.

From curious to running, in about a minute.

  1. Pick an app

     Choose any app in the catalog — open-source or paid. No account needed to look around.

  2. Get a signed trial

     We mint a 30-day, node-locked license token signed with your app's RSA key. It lands in your dashboard instantly.

  3. Activate on your node

     Drop the token into your Splunk install. It verifies locally against the public key, online or air-gapped.

RSA-PSS signed

3072-bit signatures, verified per token.

Node-locked

Bound to a host fingerprint on activation.

Verified locally

No SaaS round-trip. Works air-gapped.

Zero-downtime rotation

Rotate keys without breaking the field.

Operators try it, then tell their team.

We had a signed trial running on our air-gapped search head in ten minutes. Nothing phoned home, and the token verified against the public key we already had on file.
Priya Nair
Detection Engineer, Tier-1 SOC
The trial converted itself. By the time procurement asked for a demo, the team had been using it for three weeks.
Marcus Lindqvist
Security Lead
Open-sourcing Event Builder is why we trusted the paid app. We could read exactly how the signing worked.
Dana Okafor
Platform Engineer

One app, priced for the trial to win.

AI Query Assistant tiers. Every plan ships a node-locked, RSA-PSS signed license. Start on Starter, upgrade when the trial proves out.

Starter

Free · 30-day trial

Evaluate on a single node.

  • 1 node, node-locked
  • 1 AI provider preset
  • 5 saved templates
  • 7-day history

Professional (most popular)

$9.9/mo or $89 / year

For growing security teams.

  • 3 base seats
  • 5 provider presets
  • 30 templates
  • 30-day history
  • Splunk Cloud + SHC

Enterprise

$39/mo or $349 / year

Large SOC / compliance orgs.

  • 5 base seats
  • Unlimited presets
  • Unlimited templates
  • 365-day history
  • Priority support

Questions, answered.

Still unsure? Start a trial. It costs nothing and tells you more than any sales call would.

Do trials phone home?

No. The license verifies locally against the app's public key, so it works fully air-gapped. Nothing about your environment leaves your install.

What happens when a trial ends?

The app falls back to its unlicensed state. Buy a seat to keep the paid features running. Your data and configuration stay exactly where they are.

How are licenses bound to a machine?

Each token is node-locked to a host fingerprint captured on first activation. One token activates one node, and the binding is enforced cryptographically.

Can you rotate signing keys without breaking customers?

Yes. Keys rotate from RSA-2048 to 3072 with zero downtime. Licenses already in the field keep verifying against the key they were signed with.

Which Splunk deployments are supported?

Splunk Enterprise, Splunk Cloud, and Search Head Clusters. KV-store ACLs and conf replication are handled so the apps behave the same across all three.

Are some apps open source?

Yes. Apps like Event Builder are free and open source; others are paid. Both use the same signed, node-locked license model.

Ship your first signed app this week.

List a Splunk app, wire up Stripe, and start issuing node-locked licenses. The signing key never leaves the server.