Writing an event renderer
Event renderers give you the ability to make a specific template for a specific event type. To read more about creating event types, see Chapter 6, Extending Search.
Event renderers use mako templates (http://www.makotemplates.org/). An event renderer is comprised of the following:
- A template stored at
$SPLUNK_HOME/etc/apps/[yourapp]/appserver/event_renderers/[template].html - A configuration entry in
event_renderers.conf - An optional event type definition in
eventtypes.conf - Optional CSS classes in
application.css
Let's create a few small examples. All the files referenced are included in $SPLUNK_HOME/etc/apps/ImplementingSplunkExtendingExamples. These examples are not shared outside this app, so to see them in action, you will ...
Get Implementing Splunk: Big Data Reporting and Development for Operational Intelligence now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
