splunk unix app

DTERM
Contributor

I've been tasked with setting up an application similar to the Splunk Unix app. I'm not sure where to start. I have the app created, but the main page is just the familiar Search app. How do I add content similar to what you see in the Unix app? Also, how do I change the color to black as well? I'm looking for a good starting point.

TIA.

lguinn2
Legend

I totally agree with mw - you can simply make a copy of the UNIX app in a new directory under $SPLUNK_HOME/etc/apps and change it as you like. (Be sure to give it a new name in app.conf)

Every page that you see in Splunk is a view. When you create a new app from scratch, Splunk automatically sets the app's default view to the search app's view called "flashtimeline" as a starting point. Views are specified in XML; there aren't any binaries. (The Developer manual is mostly about views.)

This is good news, because you can look at the XML for any view from any app that you like - and copy, edit, and tweak it as you like. You can also copy the saved searches, dashboards, etc. There is also an XML file (called default.xml) for each app that defines the view menus - called the "nav bar." In the end, almost everything in Splunk is either in a text XML file, or a text configuration file.

So I recommend that you download a few other apps from Splunkbase, in addition to the UNIX app. There are several apps there that are just "skins" for Splunk; in combination with the css from the UNIX app, you should be able to see how to get started (if you know css). There are also some "example" apps, which are written just to show people how to build cool views in Splunk.

HTH!

mw
Splunk Employee

You'll need this: http://www.splunk.com/base/Documentation/latest/Developer/Whatsinthismanual

To be honest, at least for me, the easiest thing to do is to explore an app from the filesystem (i.e. $SPLUNK_HOME/etc/apps/app_name). There often isn't a ton of stuff going on in an app (well, it's not like it's thousands of lines of compiled code), and it's easiest to understand by looking at the relevant config files, views, etc. These paths are of particular interest:

  • $SPLUNK_HOME/etc/apps/app_name/default
  • $SPLUNK_HOME/etc/apps/app_name/default/data/ui/(views|nav)/*.xml
  • $SPLUNK_HOME/etc/apps/app_name/appserver/static

An application can have its own stylesheet under appserver/static/application.css which would control the coloring. There's no reason why you can't take the Unix app that's on Splunkbase and just tweak it to your liking -- no need to start completely fresh.
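
Added example, not part of the original thread or of any Splunk app: a Python script that walks the paths listed above and reports an app's label, its landing view from the nav file, its own views, and whether it ships application.css. It assumes the `[ui]` `label` setting in app.conf and the `<view default="true">` form in nav/default.xml; the `my_unix` app and its files are constructed sample data, and `configparser` stands in for Splunk's own .conf parsing.

```python
import configparser
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def inventory_app(app_dir):
    """Summarise the text files that define a Splunk app's UI."""
    app = Path(app_dir)
    ui = app / "default" / "data" / "ui"
    # Assumption: configparser stands in for Splunk's own .conf parsing.
    conf = configparser.ConfigParser(interpolation=None, strict=False)
    conf.read(app / "default" / "app.conf")
    # nav/default.xml: the <view default="true"> entry is the landing page.
    default_view = None
    nav_file = ui / "nav" / "default.xml"
    if nav_file.is_file():
        for view in ET.parse(nav_file).getroot().iter("view"):
            if view.get("default", "").lower() == "true":
                default_view = view.get("name")
    views = sorted(p.stem for p in (ui / "views").glob("*.xml"))
    return {
        "label": conf.get("ui", "label", fallback=None),
        "default_view": default_view,
        "views": views,
        # False means the landing page is borrowed from another app.
        "default_view_is_local": default_view in views,
        "has_custom_css": (app / "appserver/static/application.css").is_file(),
    }


def build_sample_app(root):
    """Constructed sample tree; 'my_unix' and its files are hypothetical."""
    app = Path(root) / "my_unix"
    ui = app / "default" / "data" / "ui"
    for d in (ui / "nav", ui / "views", app / "appserver" / "static"):
        d.mkdir(parents=True)
    (app / "default" / "app.conf").write_text("[ui]\nlabel = My Unix\n")
    (ui / "nav" / "default.xml").write_text(
        '<nav><view name="flashtimeline" default="true"/><view name="cpu"/></nav>')
    (ui / "views" / "cpu.xml").write_text("<view/>")
    (app / "appserver" / "static" / "application.css").write_text("body{background:#000}")
    return app


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inventory_app(build_sample_app(tmp)))
```

In the sample, `default_view_is_local` comes back `False` because the nav file still points at the search app's "flashtimeline" view, which is the situation described in the question.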
