
How to create and design a custom Splunk application similar to the Splunk App for Web Analytics?


In the application store, you see many apps, but there is little to no information on how someone can create their own similar apps for their own personal needs.

My goal is to create an application similar in functionality to the "SplunkAppForWebAnalytics", but I have no idea how to get started.

What I do know is that I want my searches to automatically display the fields


just as in the Splunk App for Web Analytics, and I also want to be able to create custom dashboard tabs similar to 'analytics center', 'audience', 'traffic'... etc

0 Karma

Splunk Employee

Apps are a collection of dashboards, saved searches, and configurations for Splunk.

You can certainly fork an app and customize it to your own needs (assuming that the app EULA allows such activity).
All of your apps are located in $SPLUNK_HOME/etc/apps/.
The subfolders in those directories contain the configurations and dashboards that make up an app.
The XML for dashboards can be found in $APP_HOME/default/data/ui/views.
The configuration files contained in the app are found in $APP_HOME/default/.

If you make changes to configurations, it is best to write those changes not to the default folder but to the local folder, which should have the same structure within it.

If you don't want to mess with the conf files directly, your best bet is to create a copy of the app.
Ex. cp -r $SPLUNK_HOME/etc/apps/YOURAPP $SPLUNK_HOME/etc/apps/YOURAPP_copy
Then go to the copy in the UI and make your changes to it there. If you like your changes and it is stable, then you can use that app instead of the original.

For more see:

0 Karma
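The folder layout described in the answer above, as an added example that is not part of the original post or Splunk's own code: a shell function that scaffolds a new app with one dashboard per navigation tab and a `local` folder for later overrides. The app name `my_web_analytics`, its label and the placeholder dashboards are assumptions; the tab names come from the question.

```shell
#!/bin/sh
# Added example: scaffold a minimal Splunk app skeleton.
# The app name, label and placeholder dashboards are hypothetical.

scaffold_app() {
    apps_dir="$1"      # normally $SPLUNK_HOME/etc/apps
    app_home="$apps_dir/$2"

    # Refuse to overwrite an existing app.
    if [ -e "$app_home" ]; then
        echo "already exists: $app_home" >&2
        return 1
    fi

    # default/ holds shipped settings; local/ is for site-specific overrides.
    mkdir -p "$app_home/default/data/ui/views" "$app_home/default/data/ui/nav" \
             "$app_home/local" "$app_home/metadata" || return 1

    cat > "$app_home/default/app.conf" <<EOF
[ui]
is_visible = true
label = My Web Analytics

[launcher]
version = 0.1.0
description = Custom web analytics dashboards
EOF

    # Navigation bar: one tab per dashboard view.
    cat > "$app_home/default/data/ui/nav/default.xml" <<EOF
<nav>
  <view name="analytics_center" default="true" />
  <view name="audience" />
  <view name="traffic" />
</nav>
EOF

    # One Simple XML dashboard per tab (placeholder content).
    for view in analytics_center audience traffic; do
        cat > "$app_home/default/data/ui/views/$view.xml" <<EOF
<dashboard>
  <label>$view</label>
  <row><panel><html><p>Placeholder for $view</p></html></panel></row>
</dashboard>
EOF
    done

    # Everyone may read the app's objects; only admin may change them.
    printf '[]\naccess = read : [ * ], write : [ admin ]\n' \
        > "$app_home/metadata/default.meta"
}
```

Call it as `scaffold_app "$SPLUNK_HOME/etc/apps" my_web_analytics` and restart Splunk so the new app is picked up.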


Also, is there any way to basically copy the app, rename it, and just change the functionality slightly to my personal needs?

0 Karma


There is some documentation on Splunk's site that might be useful:

An app is essentially just a container for other objects - reports, dashboards, lookups, field extractions, etc. And if you have the permissions, it should be as simple as creating a new app from the Splunk web interface (to get started at least).

But it helps to have a good understanding of how Splunk works as well. You may be able to copy an app, but that could be tricky/frustrating if you don't know how the app works, and can't figure it out. You might also be able to create a custom dashboard in the app itself as well. That way you can take advantage of its field extractions, macros, etc.

0 Karma

Splunk Employee

See also this introduction to app development on the Splunk Developer Portal.

0 Karma