Splunk has various SDKs for different languages and platforms. We are going to talk about them shortly and won't cover deep application development. Our goal is to get the result as rapidly as possible and using few application development skills. We can always turn to custom development, and our goal is to get quick insights as soon as possible.

There is a nice portal—https://splunkbase.splunk.com—where you can find hundreds of published applications. Extending Splunk with a SDK is not something special; it's a recommended approach to get extended functionality. This book has a chapter describing integration with MongoDB. The MongoDB integration application is taken from the splunkbase portal. We encourage you to look through published apps before starting to develop your own.

We have discovered many different dashboards created using the default Hunk functionality. Now it's time to create our own dashboard with unique functionality using the Splunk JS SDK API (JavaScript).

We used the Oozie coordinator in Chapter 1, Meet Hunk, to import massive amounts of data. Data is partitioned by date and stored in binary format with a schema. It looks like a production-ready approach. Avro is pretty well supported across the whole Hadoop ecosystem. Now we are going to create a custom application using that data. Have a look at the description of the data.

Here is a description of the data stored in the base table:

Now it's time to implement heatmap application. We will start from creating query to get sample data for application and then move forward to coding visualization using Javascript and Python.

(index="milano_cdr_sample" time_interval=1385884800000 
AND (
 (square_id >5540 AND square_id < 5560) OR 
 (square_id >5640 AND square_id < 5660) OR 
 (square_id >5740 AND square_id < 5760) 
 )
)

| fields square_id, sms_in, time_interval 

| stats sum(sms_in) as cdrActivityValue by square_id, time_interval...

We change the behavior of the GoogleMapView component:

var customHeatMap = GoogleMapView.extend

The idea is to override the render method and provide custom handling for the search result. Each row returned from the search manager is presented as:

google.maps.Rectangle

var search = new SearchManager

new DropdownView

You can see a part of Milano highlighted with a heatmap:

The heatmap displays reasonable data. Low activity is observed in the park areas and high activity near metro stations.

Splunk provides various approaches for custom application development. It's possible to start with a so-called simple XML that provides basic functionality. XML declarations allow us to create custom input forms and even visualizations on Google Maps. When you need more, you can turn to classical application development using various languages. The earlier example explained one approach to extending existing components. With a few lines of custom code we got a simple interactive map based on data stored in Hadoop and presented as a virtual index.