TA-webtools-pro Documentation

Complete guide to all 14 SPL commands

Quick Start

TA-webtools-pro adds 14 custom search commands to Splunk. After installation, you can use these commands directly in your searches without any additional configuration.

Network & Web

curl | dig | ping | trace | telnet

Security & Crypto

openssl | letsencrypt

File Operations

scp | sftp | ftp | file

Domain & Performance

whois | speedtest | urlencode
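
Because these commands let a search reach the network and the local file system, it is useful to know which searches invoke them. The following is an added example, not part of TA-webtools-pro or its documentation: it reports the 14 command names only when they appear as real pipeline stages, ignoring quoted text and plain search terms. The (user, search) record shape and the REVIEW_FIRST grouping are assumptions.

```python
# Command names from the TA-webtools-pro list on this page.
WEBTOOLS = {"curl", "dig", "ping", "trace", "telnet", "openssl", "letsencrypt",
            "scp", "sftp", "ftp", "file", "whois", "speedtest", "urlencode"}
# Assumption: commands that move files or open arbitrary connections are reviewed first.
REVIEW_FIRST = {"curl", "scp", "sftp", "ftp", "file", "telnet"}

def split_stages(spl):
    """Split SPL on pipes that sit outside double-quoted strings."""
    stages, buf, in_quotes, escaped = [], [], False, False
    for ch in spl:
        if ch == "|" and not in_quotes and not escaped:
            stages.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
        if ch == '"' and not escaped:
            in_quotes = not in_quotes
        escaped = (ch == "\\") and not escaped
    stages.append("".join(buf))
    return stages

def webtools_usage(spl):
    """Return TA commands used as pipeline stages, in order of appearance."""
    used = []
    # Segment 0 precedes the first pipe: it is search terms, never a command name.
    for stage in split_stages(spl)[1:]:
        tokens = stage.split(None, 1)
        if tokens and tokens[0].lower() in WEBTOOLS:
            used.append(tokens[0].lower())
    return used

def triage(records):
    """Keep (user, search) records that use the TA; review-first hits sort to the top."""
    rows = []
    for user, search in records:
        cmds = webtools_usage(search)
        if cmds:
            rows.append((user, cmds, any(c in REVIEW_FIRST for c in cmds)))
    return sorted(rows, key=lambda row: not row[2])

# Constructed sample records, not real audit data.
SAMPLE = [
    ("alice", '| makeresults | eval note="run | curl later" | table note'),
    ("bob", "| file path=/var/log/syslog lines=100 | table content"),
    ("carol", "| whois domain=google.com | table domain, registrar"),
    ("dave", "index=web file=report.pdf | stats count by host"),
]
```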

Command Documentation

curl - HTTP/HTTPS Requests

Make HTTP requests with full control over method, headers, and authentication.

| Parameter | Description | Required |
|---|---|---|
| uri | Target URL | Yes |
| method | GET, POST, PUT, DELETE, PATCH (default: GET) | No |
| data | Request body content | No |
| headers | Custom HTTP headers as JSON | No |
| token | Bearer token for authentication | No |
| timeout | Request timeout in seconds (default: 30) | No |

Example
# GET request
| curl uri=https://api.example.com/data | table curl_status, curl_message

# POST with JSON
| makeresults | eval data="{\"name\":\"test\"}" | curl method=post uri=https://api.example.com/endpoint datafield=data

openssl - Cryptographic Operations

Perform hashing, encryption, key generation, and TLS certificate validation.

| Parameter | Description | Required |
|---|---|---|
| mode | digest, hmac, encrypt, decrypt, genkey, tls_cert, verify | Yes |
| algorithm | sha256, sha512, md5, etc. | No |
| inputfield | Field containing input data | No |
| key | Encryption key or passphrase | No |
| host | Host for TLS certificate check | No |

Example
# SHA256 hash
| makeresults | eval data="Hello World" | openssl mode=digest algorithm=sha256 inputfield=data | table digest

# Check TLS certificate
| openssl mode=tls_cert host=example.com port=443 | table subject, notAfter, valid

dig - DNS Lookups

Query DNS records for domains and IP addresses.

| Parameter | Description | Required |
|---|---|---|
| domain | Domain name to query | Yes* |
| domainfield | Field containing domain name | Yes* |
| type | A, AAAA, MX, NS, TXT, CNAME, PTR (default: A) | No |
| ns | Custom DNS server | No |

Example
# A record lookup
| dig domain=google.com | table domain, answers_json

# MX records
| dig domain=example.com type=MX | table answers_json

# Reverse DNS
| dig ip=8.8.8.8 | table answers_json

ping - Network Connectivity

Test host reachability and measure latency.

| Parameter | Description | Required |
|---|---|---|
| host | Target hostname or IP | Yes |
| count | Number of ping packets (default: 4) | No |
| timeout | Timeout per packet in seconds (default: 2) | No |

Example
# Basic ping
| ping host=google.com | table host, packet_loss_percent, rtt_avg

# Extended ping
| ping host=8.8.8.8 count=10 | table packets_transmitted, packet_loss_percent, rtt_avg

trace - Network Path Analysis

Trace the network route to a target host.

| Parameter | Description | Required |
|---|---|---|
| host | Target hostname or IP | Yes |
| max_hops | Maximum hops to trace (default: 30) | No |
| timeout | Timeout per hop in seconds (default: 2) | No |

Example
# Basic traceroute
| trace host=google.com | table host, hops

# Limited hops
| trace host=example.com max_hops=15 | table hops_json

whois - Domain Registration Lookup

Query WHOIS servers for domain registration information.

| Parameter | Description | Required |
|---|---|---|
| domain | Domain name to query | Yes |
| domainfield | Field containing domain name | No |

Example
# Basic lookup
| whois domain=google.com | table domain, registrar, creation_date, expiry_date

# Batch lookup
| inputlookup domains.csv | whois domainfield=domain | table domain, expiry_date

scp - Secure File Copy

Securely transfer files using SSH.

| Parameter | Description | Required |
|---|---|---|
| mode | get (download) or put (upload) | Yes |
| source | Source file path | Yes |
| destination | Destination path | Yes |
| recursive | Copy directories recursively | No |
| identityfile | SSH private key file | No |

Example
# Download file
| scp mode=get source=user@server.com:/remote/file.txt destination=/local/dir

# Upload directory
| scp mode=put source=/local/dir destination=user@server.com:/remote/dir recursive=true

sftp - SFTP File Transfer

Interactive SFTP client for file transfers.

| Parameter | Description | Required |
|---|---|---|
| host | Remote host (user@host) | Yes |
| action | ls, get, put, mkdir, rm, cd | Yes |
| remote_path | Remote file/directory path | No |
| local_path | Local file/directory path | No |

Example
# List directory
| sftp host=admin@server.com action=ls remote_path=/home | table files_json

# Download file
| sftp host=admin@server.com action=get remote_path=/remote/file.txt local_path=/local

ftp - FTP File Transfer

Legacy FTP client for file operations.

| Parameter | Description | Required |
|---|---|---|
| host | FTP server hostname | Yes |
| action | ls, get, put, cd | Yes |
| file | Filename for get/put | No |
| username | FTP username | No |

telnet - Port Connectivity Test

Test TCP port connectivity.

| Parameter | Description | Required |
|---|---|---|
| host | Target hostname or IP | Yes |
| port | TCP port number | Yes |
| timeout | Connection timeout in seconds | No |

Example
# Test SSH port
| telnet host=server.com port=22 | table host, port, connected

# Batch port scan
| makeresults | eval ports=mvappend(22,80,443) | mvexpand ports | eval port=ports | telnet host=server.com port=port

file - File Reader

Read local files or remote URLs.

| Parameter | Description | Required |
|---|---|---|
| path | Local file path | Yes* |
| url | Remote file URL | Yes* |
| lines | Number of lines to read | No |
| tail | Read from end of file | No |

Example
# Read local file
| file path=/var/log/syslog lines=100 | table content

# Read remote URL
| file url=https://example.com/data.txt | table content, status_code

speedtest - Network Speed Test

Run Ookla Speedtest for network performance benchmarking.

| Parameter | Description | Required |
|---|---|---|
| mode | json (default) or csv | No |
| server_id | Specific Speedtest server ID | No |
| share | Share results online | No |

Example
# Basic speed test
| speedtest mode=json | table download_mbps, upload_mbps, ping_ms

# Share results
| speedtest mode=json share=true accept_license=true | table download_mbps, share_url

letsencrypt - SSL Certificate Management

Automate Let's Encrypt certificate operations via Certbot.

| Parameter | Description | Required |
|---|---|---|
| mode | certonly, renew, status, revoke | Yes |
| domain | Domain name(s) | Yes |
| email | Contact email | No |
| dryrun | Test without issuing | No |

Example
# Dry-run test
| letsencrypt mode=certonly domain=example.com email=admin@example.com dryrun=true

# Renew certificate
| letsencrypt mode=renew domain=example.com

urlencode - URL Encoding

Encode field values into a URL-safe format.

Example
# Encode field
| makeresults | eval param="hello world & more" | urlencode param | table param

# Build API URL
| makeresults | eval search="test query" | urlencode search | eval url="https://api.example.com?q=" . search

System Requirements

Note: Windows support is limited. Most commands require Unix utilities and may not function correctly on Windows-based Splunk deployments.

Help & Support

For each command, you can get built-in help by running:

| command_name help

For technical support, contact: support@bentleypc.com