This recipe will show you how to create an empty Splunk app that we will use as the starting point for building our Operational Intelligence application.
To go through this recipe, you will need a running Splunk Enterprise server, with the sample data loaded from Chapter 1, Play Time – Getting Data In. You should have also completed the recipes from the earlier chapters. You should be familiar with navigating the Splunk user interface.
Follow the given steps to create the Operational Intelligence application:
- Log in to your Splunk server.
- From the Apps menu in the upper left-hand corner of the home screen, click on the gear icon.
- Click on the Create app button.
- Complete the fields in the box that follows. Name the app
Operational Intelligenceand give it a folder name ofoperational_intelligence. Add a version number and provide an author name. Ensure that Visible is set to Yes and the barebones template is selected.
- When the form is completed, click on Save. This should be followed by a blue bar with the message Successfully saved operational_intelligence.
Congratulations, you just created a Splunk application!
When an app is created through the Splunk GUI, as in this recipe, Splunk essentially creates a new folder (or directory) named operational_intelligence within the $SPLUNK_HOME/etc/apps directory. Within the $SPLUNK_HOME/etc/apps/operational_intelligence directory, you will find four new subdirectories that contain all the configuration files needed for the barebones Operational Intelligence app that we just created.
The eagle-eyed among you would have noticed that there were two templates that could have been selected from when creating the app: barebones and sample_app. The barebones template creates an application with nothing much inside it, and the sample_app template creates an application populated with sample dashboards, searches, views, menus, and reports. If you wish, you can also develop your own custom template if you create lots of apps, which might enforce certain color schemes for example.
As Splunk apps are just a collection of directories and files, there are other methods to add apps to your Splunk Enterprise deployment.
It is relatively simple to create a new app from an existing app without going through the Splunk GUI, should you wish to do so. This approach can be very useful when we create multiple apps with different inputs.conf files for deployment to Splunk UF.
Taking the app we just created as an example, copy the entire directory structure of the operational_intelligence app and name it copied_app:
cp -r $SPLUNK_HOME$/etc/apps/operational_intelligence/* $SPLUNK_HOME$/etc/apps/copied_app
Within the directory structure of copied_app, we must now edit the apps.conf file in the default directory.
Open $SPLUNK_HOME$/etc/apps/copied_app/default/apps.conf and change the label field to My Copied App, provide a new description, and then save the conf file:
# # Splunk app configuration file # [install] is_configured = 0 [ui] is_visible = 1 label = My Copied App [launcher] author = John Smith description = My Copied application version = 1.0
Now restart Splunk, and the new My Copied App application should now be seen in the application menu.
$SPLUNK_HOME$/bin/splunk restart
Splunk has an entire application website with hundreds of applications created by Splunk, other vendors, and even the users of Splunk. These are great ways to get started with a base application, which you can then modify to meet your needs.
If the Splunk server that you are logged in to has access to the Internet, from the Apps page you can click on the Browse More Apps button. From here, you can search for apps and install them directly.
An alternative way to install a Splunk app is to visit http://splunkbase.splunk.com and search for the app. You will then need to download the application locally. From your Splunk server, on the Apps page, click on the Install app from file button and upload the app you just downloaded in order to install it.
Once the app has been installed, go and look at the directory structure that the installed application just created. Familiarize yourself with some of the key files and where they are located.