Chapter 8. Working with Apps

Splunk apps are what the industry calls knowledge objects. A knowledge object is a prearrangement of configurations within Splunk, based upon some logic, agreed upon consideration or need. With Splunk, you have the ability to create these apps to extend or customize the users' Splunk experience. In this chapter, we will explore what makes up a Splunk app. We will:

  • Inspect included apps
  • Install apps from Splunkbase
  • Build our own app
  • Customize app navigation
  • Customize the look and feel of apps

Defining an app

In the strictest sense, an app is a directory of configurations and, sometimes, code. The directories and files inside have a particular naming convention and structure.

All configurations are in plain text, and can be ...

Get Implementing Splunk - Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.