What is Calamari?
Calamari is an open-source automation and reporting solution designed specifically for Splunk. It allows Splunk administrators and users to easily schedule, customize, and distribute reports and alerts without needing to write complex Splunk searches.
Some key features of Calamari include:
- Intuitive YAML-based configuration file for defining reports, report formats (PDF, CSV, etc.), schedules, and email/Slack recipients
- Support for attaching reports and visualizations to alert emails
- Report scheduling with crontabs including intraday times
- Template system for custom report branding and using variables
- Command line interface for managing configs and ad-hoc report runs
- Modular architecture for customization including custom transports (teams, SMS), templates, and auth methods
Calamari saves time by automating many routine Splunk reporting tasks without needing to write XML, scripted inputs, or complex saved searches. The configuration driven approach simplifies report management and distribution across teams and roles. Advanced features like two-factor auth for report downloads and multi-tenancy provide enterprise scale capabilities.
Calamari integrates tightly with core Splunk functionality making it an easy way to get more value from existing Splunk investments. It is commonly used to supplement Splunk Enterprise reporting limitations and provide business users with custom reports and data extracts not feasible within Splunk itself.