npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

n8n-nodes-splunk

v1.0.0

Published

A comprehensive n8n community node for Splunk Enterprise providing 12 resources and 70+ operations for search, index management, alerts, HEC data ingestion, and administration.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

velobpavelobpa

Keywords

n8nn8n-community-node-packagesplunksiemlog-managementsecuritymonitoringanalyticssearchalertshec

Readme

n8n-nodes-splunk

[Velocity BPA Licensing Notice]

This n8n node is licensed under the Business Source License 1.1 (BSL 1.1).

Use of this node by for-profit organizations in production environments requires a commercial license from Velocity BPA.

For licensing information, visit https://velobpa.com/licensing or contact [email protected].

A comprehensive n8n community node for Splunk Enterprise, the industry-leading platform for log management, SIEM, and machine data analytics. This node enables workflow automation for search operations, index management, saved searches, alerts, and data ingestion.

n8n Splunk License

Features

  • Search Jobs: Create, manage, and retrieve results from ad-hoc and scheduled searches
  • Saved Searches: Create, update, and run saved searches with alerting capabilities
  • Indexes: Create, manage, and configure Splunk indexes
  • Data Inputs: Configure file monitors, TCP, UDP, and scripted inputs
  • HTTP Event Collector (HEC): Manage HEC tokens and send events directly
  • Alerts: Monitor fired alerts and manage alert actions
  • Users & Roles: Full user and role management capabilities
  • Apps: Install, configure, and manage Splunk apps
  • KV Store: Manage collections and records in Splunk's Key-Value Store
  • Server: Get server info, status, health, and perform restarts
  • Cluster: Monitor and manage cluster master, peers, and configuration
  • Trigger Node: Poll-based trigger for alert monitoring and search completion

Installation

Community Nodes (Recommended)

  1. Go to Settings > Community Nodes
  2. Click Install
  3. Enter n8n-nodes-splunk
  4. Click Install

Manual Installation

# Navigate to your n8n custom nodes directory
cd ~/.n8n/custom

# Install the package
npm install n8n-nodes-splunk

Development Installation

# Clone the repository
git clone https://github.com/Velocity-BPA/n8n-nodes-splunk.git
cd n8n-nodes-splunk

# Install dependencies
npm install

# Build the project
npm run build

# Create symlink to n8n custom nodes directory
mkdir -p ~/.n8n/custom
ln -s $(pwd) ~/.n8n/custom/n8n-nodes-splunk

# Restart n8n
n8n start

Credentials Setup

| Field | Description | Required | |-------|-------------|----------| | Base URL | Splunk instance URL (e.g., https://splunk.company.com:8089) | Yes | | Auth Type | Basic Auth or Token | Yes | | Username | Splunk username (for Basic Auth) | Conditional | | Password | Splunk password (for Basic Auth) | Conditional | | Auth Token | Pre-generated authentication token | Conditional | | Validate Certificates | Enable/disable SSL certificate validation | No |

Resources & Operations

Search Jobs

  • Create, Get, Get All, Get Results, Get Events, Get Summary
  • Cancel, Pause, Unpause, Finalize, Set TTL
  • Supports normal, blocking, and oneshot execution modes

Saved Searches

  • Create, Get, Get All, Update, Delete
  • Run (dispatch), Get History, Acknowledge alerts
  • Scheduling with cron expressions

Indexes

  • Create, Get, Get All, Update, Delete
  • Enable, Disable, Roll hot buckets
  • Configure retention and sizing

Data Inputs

  • Create, Get, Get All, Update, Delete
  • Enable, Disable
  • Support for monitor, TCP, UDP, and scripted inputs

HEC (HTTP Event Collector)

  • Create, Get, Get All, Update, Delete
  • Enable, Disable HEC tokens
  • Send Event, Send Batch (bulk ingestion)

Alerts

  • Get, Get All, Update, Delete
  • Get configured alert actions

Users

  • Create, Get, Get All, Update, Delete
  • Get Roles, Set Roles

Roles

  • Create, Get, Get All, Update, Delete
  • Capability management

Apps

  • Create, Get, Get All, Update, Delete
  • Enable, Disable, Get Config

KV Store

  • Create, Get, Get All, Delete collections
  • Insert, Get, Update, Delete records
  • Query with filters

Server

  • Get Info, Get Status, Get Config
  • Get Messages, Get Health
  • Restart

Cluster

  • Get Master Info, Get Peers, Get Search Heads
  • Get Generation, Get Buckets
  • Maintenance mode control

Trigger Node

The Splunk Trigger node supports:

  • Alert Fired: Triggers when configured alerts fire
  • New Search Results: Triggers when new results are found
  • Saved Search Completed: Triggers when scheduled searches complete

Usage Examples

Run a Search Query

// Search for failed login attempts in the last 24 hours
{
  "resource": "searchJob",
  "operation": "create",
  "search": "index=security sourcetype=auth failed login | stats count by user, src_ip",
  "execMode": "blocking",
  "earliestTime": "-24h",
  "latestTime": "now"
}

Send Events via HEC

// Send a batch of events
{
  "resource": "hec",
  "operation": "sendBatch",
  "events": [
    { "event": "User login", "index": "main", "sourcetype": "app_logs" },
    { "event": "Data processed", "index": "main", "sourcetype": "app_logs" }
  ]
}

Create a Saved Search with Alerting

// Create an alert for error spikes
{
  "resource": "savedSearch",
  "operation": "create",
  "name": "Error Spike Alert",
  "search": "index=app ERROR | stats count | where count > 100",
  "isScheduled": true,
  "cronSchedule": "*/5 * * * *",
  "alertType": "number of results",
  "alertComparator": "greater than",
  "alertThreshold": "0"
}

Error Handling

The node handles common Splunk API errors:

  • 400 Bad Request: Invalid SPL query or malformed request
  • 401 Unauthorized: Invalid or expired credentials
  • 403 Forbidden: Insufficient permissions
  • 404 Not Found: Resource not found
  • 409 Conflict: Resource already exists
  • 503 Service Unavailable: Splunk service temporarily unavailable

Security Best Practices

  1. Use Token Authentication: Prefer pre-generated tokens over basic auth for production
  2. Limit Token Permissions: Create tokens with minimal required capabilities
  3. Enable SSL: Always use HTTPS in production environments
  4. Rotate Credentials: Regularly rotate authentication tokens
  5. Audit Access: Monitor Splunk audit logs for API access

Development

# Run linting
npm run lint

# Fix linting issues
npm run lint:fix

# Run tests
npm test

# Build the project
npm run build

# Watch for changes
npm run dev

Author

Velocity BPA

Licensing

This n8n community node is licensed under the Business Source License 1.1.

Free Use

Permitted for personal, educational, research, and internal business use.

Commercial Use

Use of this node within any SaaS, PaaS, hosted platform, managed service, or paid automation offering requires a commercial license.

For licensing inquiries: [email protected]

See LICENSE, COMMERCIAL_LICENSE.md, and LICENSING_FAQ.md for details.

Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Support

Acknowledgments

  • Splunk for their comprehensive REST API
  • n8n for the workflow automation platform
  • The open-source community for contributions and feedback