All Apps and Add-ons

What are the pros and cons of creating a Splunk app and addon separately?

rshah_splunk
Splunk Employee
Splunk Employee

If developing a new Splunk application, should we prefer creating two separate components, i.e. app and addon or a single bundle? What are the pros and cons? What is the recommended way?

Tags (1)
0 Karma

iandrews_splunk
Splunk Employee
Splunk Employee

Apps are normally for GUI stuff / search heads (dashboards, lookups, etc...)

Add-ons are for knowledge objects, props, transforms, inputs, etc...

If you were to create an add-on that only made a sourcetype CIM compliant, there would be no need for a GUI and, therefore, putting it all in one add-on would be best.

If you wanted to include dashboards, putting the dashboards in an app, and the props/transforms in an add-on, would be best. The admins wouldn't have to install the GUI configs on the indexers, and you could update the two independently.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...