Splunk apps are not binary code, like a cell phone app. They're simply a collection of Splunk Cloud knowledge objects that can easily be shared and managed. Apps usually focus on a particular use case with visual elements like dashboards and reports, whereas add-ons focus on capturing or defining data behind the scenes. We'll show you how to find and validate apps for your Splunk Cloud.
Apps and add-ons provide ready-to-use functions to help you organize and manage your data. You can find apps compatible with Splunk Cloud on Splunkbase. Splunkbase is a site where developers and users can post and share apps and add-ons and has hundreds of apps and add-ons from Splunk, our partners, and our community.
Apps deliver a user experience designed to make Splunk Cloud immediately useful and relevant for typical tasks and roles. Apps simplify and optimize user tasks yet allow access to the data and functions of the full platform. Apps contain pre-built dashboards, reports, alerts and workflows, give power users in-depth data analysis, and empower business users with point-and-click analytics.
Add-ons typically import and enrich data from any source and create a rich data set ready for direct analysis or use in an app. Use an add-on to extend Splunk Cloud to meet your specific needs. For example, use apps to onboard data from hundreds of common sources, enrich data using other information sources, and to automatically select, identify, and tag fields.
You can access and download apps from Splunkbase or by clicking the apps browser in Splunk Web. Apps available through the app browser have passed validation with the Splunk AppInspect tool. Therefore, you can safely deploy the apps in your Splunk Cloud environment. To learn more, see install apps in your Splunk Cloud deployment in Splunk Cloud User.
Private apps are Splunk apps that are private to your Splunk Cloud deployment. These apps are not publicly available on Splunkbase. Like all Splunk apps, you must submit private apps for app vetting before installing the app on your Splunk Cloud deployment. Splunk uses AppInspect to determine if apps comply with the security requirements of Splunk Cloud. See manage private apps in your Splunk Cloud deployment in Splunk Cloud User Manual for more details.
It is a best practice to run the Splunk AppInspect tool against all private apps before you submit them for installation on Splunk Cloud. By doing this, you ensure the app is compatible with Splunk Cloud and can address any validation concerns early. This accelerates your deployment time for the private app by allowing you to submit a private app that is already compliant with Splunk Cloud. For information about AppInspect, see Splunk AppInspect tool on the Splunk developer portal.
Just as a best practice, all app developers even if it's a custom app for you it's best practice to run your app through app inspect and if for cloud add the cloud tag. If your app is for Splunk Cloud it will still need to go through app vetting via an internal tool. Self service will do this for you but if you need to open a support case to have the app installed it will still be ran through an app cert process. If your app passes app inspect cleanly, no warnings/errors or manual checks, with the cloud tag there is a very good chance it will auto pass the app cert process. If there are warnings or manual checks these will still have to be done by an internal team. If there are errors it will fail at the first error found, if there are more than one error then it will fail each time until they are all corrected.
Thanks for the great info @jgedeon_splunk I’ve verified your comment and added the best practice to the Answer.