Checksplunk is a Perl script that helps Splunk administrators understand the health and integrity of Splunk and the server(s) Splunk is running on. It doesn't write anything to the system or to any Splunk config files. Features include display of Splunk level output, the Splunk version, whether the Splunk daemon is running (from the process table), whether Splunkd is running (from splunk status), whether Splunkweb is running (from splunk status), the number of events indexed, the number of errors in the log files, the errors in the log files, the number of hosts, the indexed hosts, license information, the number of user accounts created in Splunk, user audit logs, the users with accounts in Splunk, the top 10 systems using the largest amount of license in kb, and the number of searches and last access time by users. It can build all the SPDASH files needed for the Web dashboard interface.
Splunk Hogs is a quick Perl script written to find which systems are sending too many events to Splunk and using up all the licenses. This is useful for several reasons: it helps catch early the cases where developers turn debugging on and use up all the licenses; it catches INFO messages being turned on, which sends useless events and fills up the licenses; and it detects issues that were being ignored by others. The advantage over Splunk's SaveSearch is that it outputs the raw data, so you can import it into Nagios or other tools. The raw data it collects from Splunk consists of the host, the Splunk server, and the count of events that took place.