Splunk Developer's Guide - Second Edition

Book Description

Learn the A to Z of building excellent Splunk applications with the latest techniques using this comprehensive guide

About This Book

  • This is the most up-to-date book on Splunk 6.3 for developers

  • Get ahead of being just a Splunk user and start creating custom Splunk applications as per your needs

  • Your one-stop-solution to Splunk application development

Who This Book Is For

This book is for those who have some familiarity with Splunk and now want to learn how to develop an efficient Splunk application. Previous experience with Splunk, writing searches, and designing basic dashboards is expected.

What You Will Learn

  • Implement a Modular Input and a custom D3 data visualization

  • Create a directory structure and set view permissions

  • Create a search view and a dashboard view using advanced XML modules

  • Enhance your application using eventtypes, tags, and macros

  • Package a Splunk application using best practices

  • Publish a Splunk application to the Splunk community

In Detail

Splunk provides a platform that allows you to search data stored on a machine, analyze it, and visualize the analyzed data to make informed decisions. The adoption of Splunk in enterprises is huge, and it has a wide range of customers right from Adobe to Domino's. Using the Splunk platform as a user is one thing, but customizing this platform and creating applications specific to your needs takes more than basic knowledge of the platform.

This book will dive into developing Splunk applications that cater to your needs of making sense of data and will let you visualize this data with the help of stunning dashboards.

This book includes everything on developing a full-fledged Splunk application right from designing to implementing to publishing. We will design the fundamentals to build a Splunk application and then move on to creating one. During the course of the book, we will cover application data, objects, permissions, and more. After this, we will show you how to enhance the application, including branding, workflows, and enriched data. Views, dashboards, and web frameworks are also covered.

This book will showcase everything new in the latest version of Splunk including the latest data models, alert actions, XML forms, various dashboard enhancements, and visualization options (with D3). Finally, we take a look at the latest Splunk cloud applications, advanced integrations, and development as per the latest release.

Style and approach

This book is an easy-to-follow guide with lots of tips and tricks to help you master all the concepts necessary to develop and deploy your Splunk applications.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at If you purchased this book elsewhere, you can visit and register to have the code file.

Table of Contents

    1. Splunk Developer's Guide Second Edition
      1. Table of Contents
      2. Splunk Developer's Guide Second Edition
      3. Credits
      4. About the Author
      5. About the Reviewer
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
          3. Instant updates on new Packt books
      7. Preface
        1. Overview of what this book isn't
        2. What this book is
        3. Assumptions
        4. What this book covers
        5. What you need for this book
        6. Who this book is for
        7. Conventions
        8. Reader feedback
        9. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Application Design Fundamentals
        1. What is a Splunk application?
          1. Why applications?
            1. Definitions
        2. Designing the App
          1. Identifying the use case
          2. Identifying what you want to consume
          3. Identifying what you want to brand
          4. Identifying what you want to display
        3. Installing Apps
          1. Splunk Web
          2. The Splunk command line
            1. Unzipping using the command line
        4. Summary
      9. 2. Creating Applications
        1. A brief clarification
        2. Methods of creating applications
          1. GUI
          2. CLI
          3. FreeForm
        3. Basic application structure
          1. appserver
          2. bin
          3. default
          4. local
          5. lookups
          6. metadata
          7. static
        4. Application data
          1. Indexes
          2. Source types
          3. Sources
        5. Available Splunk knowledge objects
          1. Macros
          2. Event types
          3. Tags
          4. Saved searches
          5. Dashboards
          6. Lookups
          7. Configurations
        6. Object permissions
          1. The setup screen
            1. The endpoint
            2. The setup file
        7. Summary
      10. 3. Enhancing Applications
        1. Workflows
        2. Custom alert actions
        3. Enriched data
          1. Event types
          2. Tags
          3. Macros
          4. Lookups
          5. Common Information Model
        4. Branding your App
          1. Logos
          2. Navigation
          3. CSS
          4. JavaScript
        5. Acceleration
          1. Summary indexing
          2. Accelerated reports
        6. Summary
      11. 4. Basic Views and Dashboards
        1. Knowing your data
          1. Available modules
        2. SimpleXML dashboard
          1. SimpleXML forms
        3. Custom JavaScript, CSS, and Tokens
        4. HTML dashboards
        5. Summary
      12. 5. The Splunk Web Framework
        1. The HTML dashboard
        2. SplunkJS Stack
          1. Search-related modules
            1. SearchManager
            2. SavedSearchManager
            3. PostProcessManager
          2. View-related modules
            1. ChartView
              1. The different types of ChartView
                1. Area
                2. Bar
                3. Column
                4. Filler gauge
                5. Line
                6. Marker gauge
                7. Pie chart
                8. Radial gauge
                9. Scatter
          3. Display-related modules
            1. CheckboxView
            2. CheckboxGroupView
            3. DropdownView
            4. EventsViewerView
            5. FooterView
            6. HeaderView
            7. MultiDropdownView
            8. RadioGroupView
            9. SearchBarView
            10. SearchControlsView
            11. SimpleSplunkView
            12. SingleView
            13. MapElement
            14. TableView
            15. TextInputView
            16. TimeRangeView
            17. TimelineView
        3. Tokenization
        4. Customizing Splunk dashboards using CSS
        5. Customizing Splunk dashboards using JavaScript
        6. Custom D3 visualization
        7. External data and content
          1. Data
          2. Content
        8. Summary
      13. 6. Advanced Integrations and Development
        1. Modular D3 visualization
        2. Modular inputs
          1. The spec file
          2. Testing modular inputs
          3. Configuring modular inputs
        3. The App Key Value Store
          1. When would you use the KV Store?
          2. Configuring the KV Store
        4. Data models
        5. Version control and package managers
          1. npm
          2. Bower
          3. Gulp
          4. Git
          5. Tying them all together
        6. Summary
      14. 7. Packaging Applications
        1. Naming guidelines
          1. Dos and don'ts
        2. Packaging the App
        3. The App packaging checklist
        4. Summary
      15. 8. Publishing Applications
        1. Self-hosting your App
        2. Splunkbase
          1. Certified Applications
          2. Splunk Cloud applications
        3. Community
          1. Answers
          3. Internet Relay Chat
          4. Wiki
          5. User groups
          6. The SplunkTrust
        4. Summary
      16. Index