I'm sorry if the question is ambiguous, but having explored Splunk tutorials, examples, and API references for two days now, I cannot even find a comparison between the alternative ways to create an app.
Ways I have so far explored:
Referenced in several tutorials, like Tutorial: Create an app using Django Bindings
Referenced in tutorial Developing Views and Apps for Splunk Web
These two ways form a different default directory structure for the app (former one using ./django subdirectory's static folder, while latter one using ./appserver's static folder), but they both call themselves "Splunk Apps" and the static locations seem interchangeable despite how they were initialized.
So as my initial question was - which one of these is generally the preferred way?
Or if they are suited for separate use-cases what would there use-cases be?
Well, if you are a Django developer, you might use the first way. But most people will use the second way (even Django developers).
The second way seems a lot easier, since all you have to do is log into the Splunk GUI.
There isn't a preferred way, just additional options for developers.
Here are a couple of use cases:
Splunk Web (UI) app
Web developer (CLI) app
Put simply: if you're a web developer, use the CLI method.
I think this is the answer I looked for, thank you. 🙂
So otherwise there is no difference in inner workings of these two app-"types"? (I.e. the directory structure thingy, I mentioned in question..)
Also, could you please elaborate on the "available technologies" per way - like, are you still able to use Django Bindings and bare HTML/CSS/JS in Splunk Web app, or are you restraint to only drag-n-drop and XML (untill you convert it or something)?
I'll accept the answer as soon as have these are clear.. thanks again!
Cynthia: Glad to help, let me try to answer your questions.
The two apps work the same way, but the Web Framework version (CLI) adds a /django directory for the Django web framework files and the app's page templates. Pages (aka dashboards) in Splunk Web apps are in XML format, and are in HTML for Web Framework apps.
Here's a brief summary of the different paths to customizing a Splunk Web app:
You want to do light tinkering, like renaming the panels or changing their properties.
Use the drag-n-drop UI
You want to do deeper tinkering, like modifying chart properties that aren't exposed in the UI.
Edit the XML source code
You want to modify more in the Splunk Web app, like changing the format and layout of dashboards, maybe add links or images or other HTML type things.
Convert the individual dashboard to HTML
I think converting to HTML is a good learning tool, and useful if you just want to add HTML and don't need to modify the dashboard components, but personally I like a cleaner page (less clutter than autogenerated code) so I prefer creating pages using the Web Framework directly. Then you can also take advantage of the super simple Django syntax to work with searches and visualizations.
Right, I also heard (by IRC) that simply copying folder with basic subfolders and files works as well. It is somewhat pity there's no clear distinction written in documents between these two ways of creating an app - because while Simple XML Dashboards use /search_mrsparkles/ dir templates, Django-based apps use totally different template source...
For me the Django way works better, since I need to customize beyond the things you wrote of. (E.g. "things Splunk UI isn't meant for...)
I will add some docs to address the questions you brought up here. Thanks!
There's more than the /django folder. I would create a dummy Framework app, copy the /django and /appserver folders from it to your existing app, and then do a search on the dummy app name to change it to the existing app name.