Chapter 8. Working with Apps

Splunk apps are what the industry calls knowledge objects. A knowledge object is a prearrangement of configurations within Splunk, based upon some logic, agreed upon consideration or need. With Splunk, you have the ability to create these apps to extend or customize the users' Splunk experience. In this chapter, we will explore what makes up a Splunk app. We will:

Inspect included apps
Install apps from Splunkbase
Build our own app
Customize app navigation
Customize the look and feel of apps

Defining an app

In the strictest sense, an app is a directory of configurations and, sometimes, code. The directories and files inside have a particular naming convention and structure.

All configurations are in plain text, and can be ...

Get Implementing Splunk - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Implementing Splunk - Second Edition by Vincent Bumgarner, James D Miller

Chapter 8. Working with Apps

Defining an app

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly