As Splunk has grown up, books focusing on specific functions in depth become much more interesting. App development is something that most Splunk admins do, but may not fully understand all of the components available to them. Over time, Splunk had added new features like HTML dashboards, which many admins may not be taking advantage of.The progression of SimpleXML -> AdvancedXML -> HTML dashboards is not without friction. The SDG sheds light on how it works and begins to demystify the creation of HTML dashboards.-I quite liked how the author laid out at the very beginning what this book wouldn't cover. While this book isn’t aimed at only Splunk experts, it is also not a primer on the basics and expects the reader to have solid Splunk experience.-Good flow starting at a holistic view, then breaking it down into building blocks of Splunk Knowledge Objects, and then building back up to the app creation itself and how to assemble the pieces. Along the way, snippets of automation and best practices are thrown in re-enforcing not just the how, but the why.-The author strikes a good balance between CLI interaction with the .conf files that powers Splunk under the hood with the GUI techniques for accomplishing many of the same tasks.-App packaging standards are often overlooked, but not here.A great addition to every Splunk admins bookshelf.

This guide is very helpful for both beginning Splunk developers and advanced Splunk developers. The author does a nice job of building a good foundation by explaining the building blocks that will be used later to build advanced HTML dashboards. The examples are also very well laid out. I would recommend this guide to all Splunk developers.

Nicely done introduction into developing Splunk apps and add-ons, this is a solid entry point for anyone wanting to get started with big data in the Splunk ecosystem.

I purchased this book to learn more about Splunk Application Development. It did not disappoint me, author has covered this wide subject in a clean and concise way. The modular inputs chapter was well written as the splunk documentation was not very clear on this topic. Simple example get you to the concept quickly. I recommend this book for all starters who wants to learn app development using Splunk. Go for it.

Kindle eBookThe bad:This is what I found wrong, my perspective may be flawed, possibly from my inexperience with Splunk, it's just how I see it. If the points touched upon here are not valid, feel free to dismiss this review without prejudice. The book from its inception references data from Meh API (a wonderful website from the creators of woot, which provides a single shopping deal daily) in both text and screenshots, but to no avail provides instructions on how to obtain it/reference/ nor implement it as a data source …. I'm really wondering if I’m missing something, I went over the beginning of the book over and over again, looking for a data load explanation of where the meh API is being implemented, and I got nothing. Even went to publisher’s site and downloaded associated files … It’s like the section on how to consume the data from meh API is just plain missing. I looked online and saw that I am not the only person with same question, so either we are both "off ". If it’s actually there and we both missed it (still a possibility), better communication is needed to convey the meh API setup in the book , or the data setup for a book on data is just plain missing . Downloading the book's Splunk app is not enough. The downloadable app does not work out of the box on Ubuntu 14; maybe all Splunk apps don’t and need additional setup? Did I mention it doesn't work, shocker!, maybe it’s because I’m using 6.3 and it broke on the import, IDK... what I do know is there are no specific instructions in order to set the meh API up otherwise, and there is meh.py in the downloaded files not mentioned in the eBook.On a side note: poor choice in data sources because most likely the results won’t match up with the books, and they are functionally useless because meh items sold changes only once a day, so pie charts and such on a search of multiple sale items referenced is pointless when the deal of the day changes daily (the pie charts are all one color) … I am not seeing any meh documentation on pulling previous days json either. Had to chuckle when data from meh over last 30 days was mentioned. I'm like, "I don’t have that much time to let data accrue especially over a 150pg tech book I can get thru over a day or two…” The reader wanting to follow along with the tutorial is basically forced to fudge their own data. You will have to substitute daily deals in the book with current one, no biggie, but what about variety? You’re practically inserting duplicate records, and comparing the same daily deal to itself thousands of times over doesn’t do much for aggregation.I really question the publisher's reviewers for this book:IMHO, It’s obvious the publishing reviewers (the ones cited in the credits) did not either have the same book, or did not validate the tutorials. Examples:• How do you load the data from meh API? api.meh.com isn’t even searchable in the eBook.• Where's the poll extraction macro defined in summary indexing? I had to get it from the downloaded Splunk app…• Chapter 5 seems to be referencing examples (meh_clicks, visitors,etc…) introduced in chapter 6.It really makes wonder if I am missing something somewhere fundamental, it’s hard to believe that four people reviewed this book before it was published and these observations were not reconciled.To fellow readers:• For "theoretical learners" it’s fantastic (reading the book only), for "practical learners” (ones who want to follow along by practicing the tutorials), the tutorials involving meh data are disappointing.• Only buy the eBook if under $20...• Give up on trying to following the tutorials on your own, and just read it like a book, because you will not see the same results, nor will have complete instructions if you attempt to follow all the tutorials.• If you must, download and install the app from the publisher, it half works after you tweak it. Of course, it doesn’t work..., but it’s much easier to work with than the tutorials direction from the book. Don’t try to start one from scratch.To the author (IMHO):• Next time, get better reviewers, no one can check their own work and the ones credited in the book didn’t do their job, you didn’t fail, they failed you.• Please export the meh data that is referenced in the book, and distribute it from the book publisher’s website. It will help those people who are trying to double check their work based on the visualizations.• Also, besides distributing a comprehensive (non-working) Splunk app, the Splunk app should also be distributed per book chapter containing only the changes within the scope of the chapter.• Needs more content on actual application development, my goal after reading this book was professionalize my Splunk application development. It seems only a fraction of the book is dedicated to actual application development. What about delving head first into a SDK, if they are being utilized it’s not directly mentioned. I was disappointed when a data model was defined/discussed but no tutorial was given. What about custom control creation?If my perspective is wrong or miss-spoke, I am soooo sorry!The good:The book does have its good points, its not a complete mess...., ok, yes it is.However….I like:• The authors wording for Splunk explanations, it has helped me to understand the concepts much clearer. I found Splunk docs explanations as a hard read. I was also weary of digging in to the conf files before, and have found a new confidence during my reading.• The heuristics and best practices the book explains.• How the author displays the code/whatever in the topic then surgically dissects and thoroughly explains what each component does.If you read it like a book, and not attempt to follow the tutorials you should get your $18 (ebook) worth, still worth it…Again, if I am way off, or if anything mentioned that wasn’t there really was there under my nose, I apologize in advance. I know I ripped this book to shreds, I'm really hoping I'm wrong.