Splunk Developer's Guide

Book Description

Design, implement, and publish custom Splunk applications and add-ons following best practices

In Detail

This book will equip you with all the necessary information to make the jump from a regular Splunk user to an efficient Splunk application developer. It gives you an overview of Splunk applications and covers the underpinnings of the structure and configurations that are contained within a Splunk application. You will learn about the design fundamentals of a Splunk application, create a directory structure for your application, and set view permissions. You will also see how to enhance your application using event types, tags, and macros.

By the end of this book, you'll have learned how to implement advanced data input and visualizations, and how to package and publish applications ready to deliver meaningful insights so you can make better design decisions for your business.

What You Will Learn

  • Implement modular input and a custom D3 data visualization

  • Create a directory structure and set view permissions

  • Create a search view and a dashboard view using advanced XML modules

  • Enhance your application using event types, tags, and macros

  • Package a Splunk application using best practices

  • Publish a Splunk application to the Splunk Community

Downloading the example code for this book: You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Table of Contents

    1. Splunk Developer's Guide
      1. Table of Contents
      2. Splunk Developer's Guide
      3. Credits
      4. About the Author
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Application Design Fundamentals
        1. Overview of what this book isn't
        2. What this book is
        3. Assumptions
        4. What is a Splunk application?
          1. Why applications?
            1. Definitions
        5. Designing the App
          1. Identifying the use case
          2. Identifying what you want to consume
          3. Identifying what you want to brand
          4. Identifying what you want to display
        6. App installation
          1. Splunk Web
          2. The Splunk command line
            1. Unzipping via the command line
        7. Summary
      9. 2. Creating Applications
        1. Point of order
        2. Methods of creating applications
          1. GUI
          2. CLI
          3. FreeForm
        3. Basic structures
          1. The appserver folder
          2. The bin folder
          3. The default folder
          4. The local folder
          5. The lookups folder
          6. The metadata folder
          7. The static folder
        4. Application data
          1. Indexes
          2. Source types
          3. Sources
        5. Available Splunk knowledge objects
          1. Macros
          2. Event types
          3. Tags
          4. Saved searches
          5. Dashboards
          6. Lookups
          7. Configurations
        6. Object permissions
          1. The setup screen
            1. The endpoint
            2. The setup file
        7. Summary
      10. 3. Enhancing Applications
        1. Workflows
        2. Enriched data
          1. Event types
          2. Tags
          3. Macros
          4. Lookups
          5. Common Information Model
        3. Branding your App
          1. Logos
          2. Navigation
          3. CSS
          4. JavaScript
        4. Acceleration
          1. Summary indexing
          2. Accelerated reports
        5. Summary
      11. 4. Basic Views and Dashboards
        1. Knowing your data
          1. Modules available
        2. SimpleXML dashboard
          1. SimpleXML forms
        3. HTML dashboards
        4. Summary
      12. 5. The Splunk Web Framework
        1. The HTML dashboard
        2. The SplunkJS stack
          1. Search-related modules
            1. SearchManager
            2. SavedSearchManager
            3. PostProcessManager
          2. View-related modules
            1. ChartView
              1. The different types of ChartView
                1. Area
                2. Bar
                3. Column
                4. Filler gauge
                5. Line
                6. Marker gauge
                7. Pie Chart
                8. Radial gauge
                9. Scatter
          3. Display-related modules
            1. CheckboxView
            2. CheckboxGroupView
            3. DropdownView
            4. EventsViewerView
            5. FooterView
            6. HeaderView
            7. MultiDropdownView
            8. RadioGroupView
            9. SearchBarView
            10. SearchControlsView
            11. SimpleSplunkView
            12. SingleView
            13. SplunkMapView
            14. TableView
            15. TextInputView
            16. TimeRangeView
            17. TimelineView
        3. Tokenization
        4. Customizing Splunk dashboards using CSS
        5. Customizing Splunk dashboards using JavaScript
        6. Custom D3 visualization
        7. External data and content
          1. Data
          2. Content
        8. Summary
      13. 6. Advanced Integrations and Development
        1. Modular D3 visualization
        2. Modular inputs
          1. The spec file
          2. Testing modular inputs
          3. Configuring modular inputs
        3. The App Key Value Store
          1. When would you use the KV Store?
          2. Configuring the KV Store
        4. Data models
        5. Version control and package managers
          1. NPM
          2. Bower
          3. Gulp
          4. Git
          5. Tying them all together
        6. Summary
      14. 7. Packaging Applications
        1. Naming guidelines
          1. Do's and don'ts
        2. Packaging the App
        3. The App packaging checklist
        4. Summary
      15. 8. Publishing Applications
        1. Self-hosting your App
        2. Splunkbase
          1. Certified Applications
        3. Community
          1. Answers
          2. dev.splunk.com
          3. Internet Relay Chat
          4. Wiki
          5. User groups
        4. Summary
      16. Index