This recipe will show you how to create an empty Splunk app that we will use as the starting point for building our Operational Intelligence application.
To go through this recipe, you will need a running Splunk Enterprise server, with the sample data loaded from Chapter 1, Play Time – Getting Data In. You should have also completed the recipes from the earlier chapters. You should be familiar with navigating the Splunk user interface.
Follow the given steps to create the Operational Intelligence application:
Operational Intelligence and give it a folder name of operational_intelligence. Add a version number and provide an author name. Ensure that Visible is set to Yes and the barebones template is selected.
Congratulations, you just created a Splunk application!
When an app is created through the Splunk GUI, as in this recipe, Splunk essentially creates a new folder (or directory) named operational_intelligence within the $SPLUNK_HOME/etc/apps directory. Within the $SPLUNK_HOME/etc/apps/operational_intelligence directory, you will find four new subdirectories that contain all the configuration files needed for the barebones Operational Intelligence app that we just created.
The eagle-eyed among you will have noticed that there were two templates to choose from when creating the app: barebones and sample_app. The barebones template creates an application with nothing much inside it, and the sample_app template creates an application populated with sample dashboards, searches, views, menus, and reports. If you create lots of apps, you can also develop your own custom template, which might enforce certain color schemes, for example.
As Splunk apps are just a collection of directories and files, there are other methods to add apps to your Splunk Enterprise deployment.
It is relatively simple to create a new app from an existing app without going through the Splunk GUI, should you wish to do so. This approach can be very useful when we create multiple apps with different inputs.conf files for deployment to Splunk UF.
Taking the app we just created as an example, copy the entire directory structure of the operational_intelligence app and name it copied_app:

    cp -r $SPLUNK_HOME/etc/apps/operational_intelligence $SPLUNK_HOME/etc/apps/copied_app

Within the directory structure of copied_app, we must now edit the app.conf file in the default directory.
Open $SPLUNK_HOME/etc/apps/copied_app/default/app.conf and change the label field to My Copied App, provide a new description, and then save the conf file:

    #
    # Splunk app configuration file
    #

    [install]
    is_configured = 0

    [ui]
    is_visible = 1
    label = My Copied App

    [launcher]
    author = John Smith
    description = My Copied application
    version = 1.0

Now restart Splunk, and the new My Copied App application should appear in the application menu:

    $SPLUNK_HOME/bin/splunk restart

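The copy-and-edit steps above can be wrapped in one function that also guards the destination. This is an added example, not code from the original recipe; the function name clone_splunk_app, its arguments, and the folder-name character set are assumptions. Restart Splunk afterwards as described above.

```shell
#!/bin/sh
# clone_splunk_app SRC_APP NEW_APP "New label" "New description"
# Hypothetical helper: copies $SPLUNK_HOME/etc/apps/SRC_APP to NEW_APP and
# rewrites label ([ui]) and description ([launcher]) in default/app.conf.
clone_splunk_app() {
    src_name=$1 new_name=$2 label=$3 desc=$4
    apps_dir="${SPLUNK_HOME:?SPLUNK_HOME is not set}/etc/apps"
    src="$apps_dir/$src_name"
    dst="$apps_dir/$new_name"

    # The folder name becomes a filesystem path: reject separators, dots, spaces.
    # (Conservative character set chosen for this example.)
    case $new_name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid app folder name: $new_name" >&2; return 2 ;;
    esac
    [ -f "$src/default/app.conf" ] || { echo "no default/app.conf in $src" >&2; return 3; }
    # Never merge into an app directory that already exists.
    [ ! -e "$dst" ] || { echo "$dst already exists" >&2; return 4; }

    # Copy the directory itself (not its contents) so the destination is created.
    cp -R "$src" "$dst" || return 5

    conf="$dst/default/app.conf"
    # Track the current stanza so only [ui] label and [launcher] description
    # change; every other line is passed through untouched.
    NEW_LABEL="$label" NEW_DESC="$desc" awk '
        /^\[/ { stanza = $0; sub(/[ \t\r]+$/, "", stanza) }
        stanza == "[ui]" && /^[ \t]*label[ \t]*=/ {
            print "label = " ENVIRON["NEW_LABEL"]; next }
        stanza == "[launcher]" && /^[ \t]*description[ \t]*=/ {
            print "description = " ENVIRON["NEW_DESC"]; next }
        { print }
    ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Usage:
#   clone_splunk_app operational_intelligence copied_app \
#       "My Copied App" "My Copied application"
```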
Splunk has an entire application website with hundreds of applications created by Splunk, other vendors, and even the users of Splunk. These are great ways to get started with a base application, which you can then modify to meet your needs.
If the Splunk server that you are logged in to has access to the Internet, from the Apps page you can click on the Browse More Apps button. From here, you can search for apps and install them directly.
An alternative way to install a Splunk app is to visit http://splunkbase.splunk.com and search for the app. You will then need to download the application locally. From your Splunk server, on the Apps page, click on the Install app from file button and upload the app you just downloaded in order to install it.
Once the app has been installed, go and look at the directory structure that the installed application just created. Familiarize yourself with some of the key files and where they are located.