Writing an event renderer

Event renderers give you the ability to make a specific template for a specific event type. To read more about creating event types, see Chapter 7, Extending Search.

Event renderers use Mako templates (http://www.makotemplates.org/).

An event renderer consists of the following:

  • A template stored at $SPLUNK_HOME/etc/apps/[yourapp]/appserver/event_renderers/[template].html
  • A configuration entry in event_renderers.conf
  • An optional event type definition in eventtypes.conf
  • Optional CSS classes in application.css

Let's create a few small examples. All the files referenced are included in $SPLUNK_HOME/etc/apps/ImplementingSplunkExtendingExamples. These examples are not shared outside this app, so to see them in action you will ...
