It is very important to first identify the problem that the Splunk add-on will solve. On identifying the problem, the following procedure is to be followed to create an add-on.
It is very important to define the need and problems that the add-on will be solving before we build it.
If the add-on will be used to add data to Splunk, then how do we get that data into Splunk?
The various methods of data input are shown in the following screenshot. An add-on can be configured to use any one of them depending on the requirement and use case.
You may wonder, what will the add-on do next? What configuration files need to be configured in the add-on for the given requirement? Add-ons can be configured for data acquisitions, data transformation, normalization, and enrichment. Add-ons can also be configured to have one or more than one features depending on the need:
The steps to install technology add-ons via the Web and manually are exactly the same as the steps to install a Splunk application, as described in the earlier sections. Users need to follow the same steps and choose the add-on folder in place of the Splunk app folder specified in the preceding steps to install a technology add-on on Splunk Enterprise.