How to create and design a custom Splunk application similar to the Splunk App for Web Analytics?

pladamsplunk
Explorer

In the application store, you see many apps, but there is little to no information on how someone can create their own similar apps for their own personal needs.

My goal is to create an application similar in functionality to the "SplunkAppForWebAnalytics", but I have no idea how to get started.

What I do know is that I want my searches to automatically display the fields

'host'
'http_method'
'http_referer'
'http_request'
'http_user_agent'
'source'
'sourcetype'

just as in the Splunk App for Web Analytics, and I also want to be able to create custom dashboard tabs similar to 'analytics center', 'audience', 'traffic'... etc

0 Karma

craigv_splunk
Splunk Employee

Apps are a collection of dashboards, saved searches, and configurations for Splunk.

You can certainly fork an app and customize it to your own needs (assuming that the app EULA allows such activity).
All of your apps are located in the $SPLUNK_HOME/etc/apps/
The subfolders in those directories contain the configurations and dashboards that make up an app.
The xml for dashboards can be found in $APP_HOME/default/data/ui/views
The configuration files contained in the app are found in $APP_HOME/default/

If you make changes to configurations, it is best to write those changes not to the default folder but to the local folder, which should have the same structure within it.

If you don't want to mess with the conf files directly, your best bet is to create a copy of the app.
Ex. cp -R $SPLUNK_HOME/etc/apps/YOURAPP $SPLUNK_HOME/etc/apps/YOURAPP_copy
Then go to the copy in the ui and make your changes to it there. If you like your changes and it is stable, then you can use that app instead of the original.

For more see: http://dev.splunk.com/view/get-started/SP-CAAAESC

0 Karma
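Added example, not part of any reply in this thread: a shell sketch of the copy-and-customize approach described above, keeping default/ untouched and writing the renamed identity to local/app.conf, then listing files in the copy that still reference the original folder name. The function names and the app names in the usage lines are hypothetical; `[ui] label` and `[package] id` are standard app.conf settings.

```shell
#!/bin/sh
# Added example. App names used in calls are placeholders; fork_app and
# stale_refs are illustrative helper names, not Splunk commands.

# fork_app APPS_DIR SRC_APP NEW_APP NEW_LABEL
# Copy APPS_DIR/SRC_APP to APPS_DIR/NEW_APP, leave default/ untouched, and put
# the new identity in local/app.conf (settings in local/ override default/).
fork_app() {
    apps_dir=$1 src=$2 new=$3 label=$4

    if [ ! -d "$apps_dir/$src" ]; then
        echo "no such app: $src" >&2; return 1
    fi
    if [ -e "$apps_dir/$new" ]; then
        echo "target already exists: $new" >&2; return 1
    fi

    # -R is required: an app is a directory tree, not a single file.
    cp -R "$apps_dir/$src" "$apps_dir/$new" || return 1
    mkdir -p "$apps_dir/$new/local" || return 1

    # Keep any local/app.conf carried over from the source for manual merging.
    conf="$apps_dir/$new/local/app.conf"
    if [ -f "$conf" ]; then mv "$conf" "$conf.orig" || return 1; fi

    printf '[ui]\nlabel = %s\n\n[package]\nid = %s\n' "$label" "$new" > "$conf"
}

# stale_refs APPS_DIR SRC_APP NEW_APP
# Print files in the copy's default/ that still mention the original folder
# name (for example /app/SRC_APP/... links in dashboard XML).
stale_refs() {
    grep -rlF -- "$2" "$1/$3/default" 2>/dev/null | sort
}

# Usage: fork_app "$SPLUNK_HOME/etc/apps" YOURAPP YOURAPP_copy "My copy"
#        stale_refs "$SPLUNK_HOME/etc/apps" YOURAPP YOURAPP_copy
```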

pladamsplunk
Explorer

Also, is there any way to basically copy the app, rename it, and just change the functionality slightly to my personal needs?

0 Karma

maciep
Champion

There is some documentation on Splunk's site that might be useful:
http://docs.splunk.com/Documentation/Splunk/6.4.1/AdvancedDev/AppIntro

An app is essentially just a container for other objects - reports, dashboards, lookups, field extractions, etc. And if you have the permissions, it should be as simple as creating a new app from the Splunk web interface (to get started at least).

But it helps to have a good understanding of how Splunk works as well. You may be able to copy an app, but that could be tricky/frustrating if you don't know how the app works, and can't figure it out. You might also be able to create a custom dashboard in the app itself as well. That way you can take advantage of its field extractions, macros, etc.

0 Karma

ChrisG
Splunk Employee

See also this introduction to app development on the Splunk Developer Portal.

0 Karma