Splunk Developer's Guide - Second Edition

Book Description

Learn the A to Z of building excellent Splunk applications with the latest techniques using this comprehensive guide

About This Book

  • This is the most up-to-date book on Splunk 6.3 for developers
  • Get ahead of being just a Splunk user and start creating custom Splunk applications as per your needs
  • Your one-stop solution to Splunk application development

Who This Book Is For

This book is for those who have some familiarity with Splunk and now want to learn how to develop an efficient Splunk application. Previous experience with Splunk, writing searches, and designing basic dashboards is expected.

What You Will Learn

  • Implement a Modular Input and a custom D3 data visualization
  • Create a directory structure and set view permissions
  • Create a search view and a dashboard view using advanced XML modules
  • Enhance your application using eventtypes, tags, and macros
  • Package a Splunk application using best practices
  • Publish a Splunk application to the Splunk community

In Detail

Splunk provides a platform that allows you to search data stored on a machine, analyze it, and visualize the analyzed data to make informed decisions. The adoption of Splunk in enterprises is huge, and it has a wide range of customers right from Adobe to Dominos. Using the Splunk platform as a user is one thing, but customizing this platform and creating applications specific to your needs takes more than basic knowledge of the platform.

This book will dive into developing Splunk applications that cater to your needs of making sense of data and will let you visualize this data with the help of stunning dashboards.

This book includes everything on developing a full-fledged Splunk application right from designing to implementing to publishing. We will design the fundamentals to build a Splunk application and then move on to creating one. During the course of the book, we will cover application data, objects, permissions, and more. After this, we will show you how to enhance the application, including branding, workflows, and enriched data. Views, dashboards, and web frameworks are also covered.

This book will showcase everything new in the latest version of Splunk including the latest data models, alert actions, XML forms, various dashboard enhancements, and visualization options (with D3). Finally, we take a look at the latest Splunk cloud applications, advanced integrations, and development as per the latest release.

Style and approach

This book is an easy-to-follow guide with lots of tips and tricks to help you master all the concepts necessary to develop and deploy your Splunk applications.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

Table of Contents

  1. Splunk Developer's Guide Second Edition
    1. Table of Contents
    2. Splunk Developer's Guide Second Edition
    3. Credits
    4. About the Author
    5. About the Reviewer
    6. www.PacktPub.com
      1. Support files, eBooks, discount offers, and more
        1. Why subscribe?
        2. Free access for Packt account holders
        3. Instant updates on new Packt books
    7. Preface
      1. Overview of what this book isn't
      2. What this book is
      3. Assumptions
      4. What this book covers
      5. What you need for this book
      6. Who this book is for
      7. Conventions
      8. Reader feedback
      9. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    8. 1. Application Design Fundamentals
      1. What is a Splunk application?
        1. Why applications?
          1. Definitions
      2. Designing the App
        1. Identifying the use case
        2. Identifying what you want to consume
        3. Identifying what you want to brand
        4. Identifying what you want to display
      3. Installing Apps
        1. Splunk Web
        2. The Splunk command line
          1. Unzipping using the command line
      4. Summary
    9. 2. Creating Applications
      1. A brief clarification
      2. Methods of creating applications
        1. GUI
        2. CLI
        3. FreeForm
      3. Basic application structure
        1. appserver
        2. bin
        3. default
        4. local
        5. lookups
        6. metadata
        7. static
      4. Application data
        1. Indexes
        2. Source types
        3. Sources
      5. Available Splunk knowledge objects
        1. Macros
        2. Event types
        3. Tags
        4. Saved searches
        5. Dashboards
        6. Lookups
        7. Configurations
      6. Object permissions
        1. The setup screen
          1. The endpoint
          2. The setup file
      7. Summary
    10. 3. Enhancing Applications
      1. Workflows
      2. Custom alert actions
      3. Enriched data
        1. Event types
        2. Tags
        3. Macros
        4. Lookups
        5. Common Information Model
      4. Branding your App
        1. Logos
        2. Navigation
        3. CSS
        4. JavaScript
      5. Acceleration
        1. Summary indexing
        2. Accelerated reports
      6. Summary
    11. 4. Basic Views and Dashboards
      1. Knowing your data
        1. Available modules
      2. SimpleXML dashboard
        1. SimpleXML forms
      3. Custom JavaScript, CSS, and Tokens
      4. HTML dashboards
      5. Summary
    12. 5. The Splunk Web Framework
      1. The HTML dashboard
      2. SplunkJS Stack
        1. Search-related modules
          1. SearchManager
          2. SavedSearchManager
          3. PostProcessManager
        2. View-related modules
          1. ChartView
            1. The different types of ChartView
              1. Area
              2. Bar
              3. Column
              4. Filler gauge
              5. Line
              6. Marker gauge
              7. Pie chart
              8. Radial gauge
              9. Scatter
        3. Display-related modules
          1. CheckboxView
          2. CheckboxGroupView
          3. DropdownView
          4. EventsViewerView
          5. FooterView
          6. HeaderView
          7. MultiDropdownView
          8. RadioGroupView
          9. SearchBarView
          10. SearchControlsView
          11. SimpleSplunkView
          12. SingleView
          13. MapElement
          14. TableView
          15. TextInputView
          16. TimeRangeView
          17. TimelineView
      3. Tokenization
      4. Customizing Splunk dashboards using CSS
      5. Customizing Splunk dashboards using JavaScript
      6. Custom D3 visualization
      7. External data and content
        1. Data
        2. Content
      8. Summary
    13. 6. Advanced Integrations and Development
      1. Modular D3 visualization
      2. Modular inputs
        1. The spec file
        2. Testing modular inputs
        3. Configuring modular inputs
      3. The App Key Value Store
        1. When would you use the KV Store?
        2. Configuring the KV Store
      4. Data models
      5. Version control and package managers
        1. npm
        2. Bower
        3. Gulp
        4. Git
        5. Tying them all together
      6. Summary
    14. 7. Packaging Applications
      1. Naming guidelines
        1. Dos and don'ts
      2. Packaging the App
      3. The App packaging checklist
      4. Summary
    15. 8. Publishing Applications
      1. Self-hosting your App
      2. Splunkbase
        1. Certified Applications
        2. Splunk Cloud applications
      3. Community
        1. Answers
        2. dev.splunk.com
        3. Internet Relay Chat
        4. Wiki
        5. User groups
        6. The SplunkTrust
      4. Summary
    16. Index