Splunk is awesome. Not only can you consume virtually any data with it, you can also extend and integrate Splunk with virtually any external system. Splunk uses sets of configurations that are referred to as applications or add-ons, which is the primary focus of this book. Leveraging these applications and add-ons is what gives Splunk its unique ability to extend, learn, analyze, and visualize information.
Splunk helps users to determine the root cause of a failure, a quick overview of system health, and dive deep into SQL statements and messages, just to name a few. The aggregation and centralization of log and event management is a growing trend in the Big Data space. By leveraging the combined intelligence gathered from correlating disparate sets of data, businesses or individuals can make data-based decisions. This book will help a Splunk developer, or even just a curious end user, to develop different methods of consuming new data, design new types of visualization, or even just offer tips and tricks that help the software development lifecycle.
Most developer guides will tell you what their book is and/or does. We aim to explain what this book isn't, and allow you to fill in the rest with your imagination! Thus, proceed to this list:
Will not cover Splunk basics
Will not cover creating dashboards via the GUI (other than HTML)
Will not discuss how to code in Python
Will not discuss statistics
Will not cover SDKs
Will not discuss making beer
Splunk basics will not be covered. These include concepts such as searching (finding data, using timecharts, stats, some eval commands, and so on), reporting (making basic pie charts or line charts via the GUI), data inputs (basic file monitoring, TCP and UDP inputs, Splunk forwarders, and so on), and configurations (GUI and web-based configuration editing), to name a few. Creating dashboards via the GUI? Nope. Python will be discussed and sample code will be provided, but this book will not cover the nuances of the code, nor will it teach you Python syntax. We will not cover statistical computation, other than how to practically apply some basic math to create value-based visualizations. We will not cover using the SDKs (software development kits) being used in custom Splunk applications that are external to Splunk (for example, Angular, PHP, .NET, and others). These are out of the scope of this book. Free as in beer? Nope, the choice of hops, starch, and oak-barrel aging for the creation of beer will not be discussed, but rather consumed during the writing and/or reading of this book.
This book will guide you through many the different areas of Splunk App and add-on creation. We will start by looking at the design aspects of an App or add-on, how to create them, what knowledge objects are available for use within the App, ways to enhance your App with metadata and external data, and some basic views and dashboards. From there, we will move into the Splunk Web Framework, modular inputs, jQuery, web framework programs, and then packaging and publishing Apps and add-ons. At the tail end, we will highlight some areas of the Splunk community that prove to be very useful.
There are a few basic assumptions that we are going to make. Having purchased or otherwise obtained this book, we assume that you are interested in developing with Splunk, and have a basic understanding of Splunk and how to navigate around the software. Knowledge of saving searches, reports, and basic dashboarding is a must, since most concepts and examples will be built upon the basics. We also assume that you have basic knowledge of HTML, CSS, JS, and some XML. Here, XML will be limited to the Splunk XML framework specifically. We would also recommend you to have knowledge of, or proficiency in, Python, RequireJS, and other web technologies such as Bower, npm, and Gulp. We will demonstrate how to use these web technologies within a Splunk application.
Chapter 1, Application Design Fundamentals, discusses fundamental questions and considerations before diving into an App or add-on configuration.
Chapter 2, Creating Applications, discusses the basic methods of App and add-on creation, along with an explanation of the structure of an App or add-on.
Chapter 3, Enhancing Applications, discusses a few different configurations that help to enrich your data with Splunk knowledge objects, along with some basic App and add-on branding guidelines.
Chapter 4, Basic Views and Dashboards, goes through the basics of SimpleXML dashboard creation and development.
Chapter 5, The Splunk Web Framework, details the various SplunkJS Stack components and shows examples of how to use them within an HTML dashboard.
Chapter 6, Advanced Integrations and Development, reviews modular inputs, data models, the KV Store, and modular D3 visualizations.
Chapter 7, Packaging Applications, lists the items needed to package an App or add-on, in order to get it ready for publishing.
Chapter 8, Publishing Applications, explains step by step how to upload an App to Splunkbase, and includes some information on the great support community.
To take full advantage of all the examples and code contained within this book, you should have the following items:
An installed and running instance of Splunk.
Basic knowledge of how Splunk works, including searching, basic panels, and dashboards.
An understanding of the various technologies that Splunk uses. These include the following:
Python
JavaScript
HTML
CSS
This book will benefit both the casual Splunker and the experienced professional alike. Whether you are just starting Splunk Apps or add-on development, or have been developing for years, this book has tips and tricks to help with developing new integrations and Splunk Apps and add-ons. Even for quick modular input, this book provides quick tutorials on common integration techniques and code examples.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Copy the file to $SPLUNK_HOME/etc/apps
."
A block of code is set as follows:
[splunk_developers_guide] coldPath = $SPLUNK_DB\splunk_developers_guide\colddb homePath = $SPLUNK_DB\splunk_developers_guide\db thawedPath = $SPLUNK_DB\splunk_developers_guide\thaweddb
Any command-line input or output is written as follows:
cd $APP_HOME/default
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Simply click on the Browse button."
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail <feedback@packtpub.com>
, and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
You can download the example code files from your account at http://www.packtpub.com for all the Packt Publishing books you have purchased. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <copyright@packtpub.com>
with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at <questions@packtpub.com>
, and we will do our best to address the problem.