I'm sorry if the question is ambiguous, but having explored Splunk tutorials, examples, and API references for two days now, I cannot even find a comparison between the alternative ways to create an app.
Ways I have so far explored:
Referenced in several tutorials, like Tutorial: Create an app using Django Bindings
Referenced in tutorial Developing Views and Apps for Splunk Web
These two ways form a different default directory structure for the app (former one using ./django subdirectory's static folder, while latter one using ./appserver's static folder), but they both call themselves "Splunk Apps" and the static locations seem interchangeable despite how they were initialized.
So as my initial question was - which one of these is generally the preferred way?
Or if they are suited for separate use-cases what would there use-cases be?
There isn't a preferred way, just additional options for developers.
The main difference is that creating an app in Splunk Web allows you to use drag-n-drop tools and a built-in UI, so you don't have to know programming. The other way that uses the CLI is for web developers who want to create a custom app using HTML and JavaScript (Django is the underlying framework, but using the Django syntax is optional).
Here are a couple of use cases:
Splunk Web (UI) app
Web developer (CLI) app
Put simply: if you're a web developer, use the CLI method.
Cynthia: Glad to help, let me try to answer your questions.
The two apps work the same way, but the Web Framework version (CLI) adds a /django directory for the Django web framework files and the app's page templates. Pages (aka dashboards) in Splunk Web apps are in XML format, and are in HTML for Web Framework apps.
Here's a brief summary of the different paths to customizing a Splunk Web app:
You want to do light tinkering, like renaming the panels or changing their properties.
Use the drag-n-drop UI
You want to do deeper tinkering, like modifying chart properties that aren't exposed in the UI.
Edit the XML source code
You want to modify more in the Splunk Web app, like changing the format and layout of dashboards, maybe add links or images or other HTML type things.
Convert the individual dashboard to HTML
About that: This process turns the single dashboard (not the whole app) into an HTML file that you can edit, and you can access everything (searches, visualization, drilldown actions, etc.) programmatically using HTML+JavaScript. Drawbacks: the autogenerated code is verbose, no Django features, you can no longer use the UI editor (one-way conversion).
I think converting to HTML is a good learning tool, and useful if you just want to add HTML and don't need to modify the dashboard components, but personally I like a cleaner page (less clutter than autogenerated code) so I prefer creating pages using the Web Framework directly. Then you can also take advantage of the super simple Django syntax to work with searches and visualizations.
Actually, looking at the underlying code for each of these scenarios might help. Check out this comparison that shows the code for the same dashboard in XML, converted HTML, Django, and straightup HTML+JavaScript: Same dashboard using different components.
I will add some docs to address the questions you brought up here. Thanks!
There's more than the /django folder. I would create a dummy Framework app, copy the /django and /appserver folders from it to your existing app, and then do a search on the dummy app name to change it to the existing app name.
Right, I also heard (by IRC) that simply copying folder with basic subfolders and files works as well. It is somewhat pity there's no clear distinction written in documents between these two ways of creating an app - because while Simple XML Dashboards use /search_mrsparkles/ dir templates, Django-based apps use totally different template source...
For me the Django way works better, since I need to customize beyond the things you wrote of. (E.g. "things Splunk UI isn't meant for...)
There isn't a preferred way, just additional options for developers.
The main difference is that creating an app in Splunk Web allows you to use drag-n-drop tools and a built-in UI, so you don't have to know programming. The other way that uses the CLI is for web developers who want to create a custom app using HTML and JavaScript (Django is the underlying framework, but using the Django syntax is optional).
Here are a couple of use cases:
Splunk Web (UI) app
Web developer (CLI) app
Put simply: if you're a web developer, use the CLI method.
I'll post a follow-up answer below, the answer comment box isn't long enough 🙂
I think this is the answer I looked for, thank you. 🙂
So otherwise there is no difference in inner workings of these two app-"types"? (I.e. the directory structure thingy, I mentioned in question..)
Also, could you please elaborate on the "available technologies" per way - like, are you still able to use Django Bindings and bare HTML/CSS/JS in Splunk Web app, or are you restraint to only drag-n-drop and XML (untill you convert it or something)?
I'll accept the answer as soon as have these are clear.. thanks again!
Well, if you are a Django developer, you might use the first way. But most people will use the second way (even Django developers).
The second way seems a lot easier, since all you have to do is log into the Splunk GUI.
What level of access does one need to create an app? Seems like power doesn't provide it, which is perplexing....