splunk unix app

DTERM
Contributor

I've been tasked with setting up an application similar to the Splunk Unix app. I'm not sure where to start. I have the app created. But the main page is just the familiar Search app. How do I add content similar to what you see in the Unix app? Also, how do I change the color to black as well? I'm looking for a good starting point.

TIA.

lguinn2
Legend

I totally agree with mw - you can simply make a copy of the UNIX app in a new directory under $SPLUNK_HOME/etc/apps and change it as you like. (Be sure to give it a new name in app.conf)

Every page that you see in Splunk is a view. When you create a new app from scratch, Splunk automatically sets the app's default view to the search app's view called "flashtimeline" as a starting point. Views are specified in XML; there aren't any binaries. (The Developer manual is mostly about views.)

This is good news, because you can look at the XML for any view from any app that you like - and copy, edit, and tweak it as you like. You can also copy the saved searches, dashboards, etc. There is also an XML file (called default.xml) for each app that defines the view menus - called the "nav bar." In the end, almost everything in Splunk is either in a text XML file, or a text configuration file.

So I recommend that you download a few other apps from Splunkbase, in addition to the UNIX app. There are several apps there that are just "skins" for Splunk; in combination with the css from the UNIX app, you should be able to see how to get started (if you know css). There are also some "example" apps, which are written just to show people how to build cool views in Splunk.

HTH!

mw
Splunk Employee

You'll need this: http://www.splunk.com/base/Documentation/latest/Developer/Whatsinthismanual

To be honest, at least for me, the easiest thing to do is to explore an app from the filesystem (i.e. $SPLUNK_HOME/etc/apps/app_name). There often isn't a ton of stuff going on in an app (well, it's not like it's thousands of lines of compiled code), and it's easiest to understand by looking at the relevant config files, views, etc. These paths are of particular interest:

  • $SPLUNK_HOME/etc/apps/app_name/default
  • $SPLUNK_HOME/etc/apps/app_name/default/data/ui/(views|nav)/*.xml
  • $SPLUNK_HOME/etc/apps/app_name/appserver/static

An application can have its own stylesheet under appserver/static/application.css which would control the coloring. There's no reason why you can't take the Unix app that's on splunkbase and just tweak it to your liking -- no need to start completely fresh.
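The answers above describe an app as a set of text files (app.conf, view XML, the nav bar's default.xml, application.css). The following is an added example, not code from either poster or from Splunk, that inventories those files for one app directory. The sample app `my_unix_copy`, its contents and the function names are constructed for illustration, and it assumes an app.conf simple enough for Python's `configparser`.

```python
import configparser
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def inventory_app(app_dir):
    """Summarise the text files that define an app's UI."""
    app = Path(app_dir)
    default = app / "default"

    # app.conf: the [ui] stanza's label is the name shown in the UI.
    conf = configparser.ConfigParser(strict=False, interpolation=None)
    conf.read(default / "app.conf")
    label = conf.get("ui", "label", fallback=None)

    # Views are one XML file each under default/data/ui/views.
    views = sorted(p.stem for p in (default / "data/ui/views").glob("*.xml"))

    # The nav bar lives in default/data/ui/nav/default.xml; the view
    # flagged default="true" is the app's landing page.
    default_view = None
    nav = default / "data/ui/nav/default.xml"
    if nav.is_file():
        for view in ET.parse(nav).getroot().iter("view"):
            if view.get("default") == "true":
                default_view = view.get("name")
                break

    css = (app / "appserver/static/application.css").is_file()
    return {"label": label, "views": views,
            "default_view": default_view, "has_app_css": css}


def build_sample_app(root):
    """Constructed sample app (not a real Splunk app) for an offline run."""
    app = Path(root) / "my_unix_copy"
    (app / "default/data/ui/views").mkdir(parents=True)
    (app / "default/data/ui/nav").mkdir(parents=True)
    (app / "appserver/static").mkdir(parents=True)
    (app / "default/app.conf").write_text("[ui]\nlabel = My Unix Copy\n")
    (app / "default/data/ui/views/overview.xml").write_text("<view/>\n")
    (app / "default/data/ui/nav/default.xml").write_text(
        '<nav><view name="flashtimeline" default="true"/>'
        '<view name="overview"/></nav>\n')
    (app / "appserver/static/application.css").write_text("body{background:#000}\n")
    return app


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inventory_app(build_sample_app(tmp)))
```

Pointing `inventory_app` at a real directory under $SPLUNK_HOME/etc/apps shows which view a copied app still lands on and whether it carries its own stylesheet.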
