Topics

| pdf version

How Splunk Works

Getting Started

Data Inputs

Data Distribution

Indexing

Timestamps

Fields

Hosts

Source Types

Event Types

Search

Distributed Search

Security

Data Management

Deployment Server

Performance Tuning

Configuration Files

Applications

Reference

Troubleshooting


Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

Install Splunk applications

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6

Install Splunk applications

Install a Splunk application by unpacking it into your $SPLUNK_HOME/etc/bundles directory. Once you've configured it (according to the instructions in the following sections), restart your Splunk server to load it into your Splunk instance.


Once you have an application installed, it's a good idea to look through it to make sure it works for your data. The sections below address what you may need to change, and where to go to find help on how to change it.


There are some general issues that apply no matter what aspect of the application you want to customize:


  • Look for lines in the application's configuration files that begin with a hash (#). Such lines are comments, which are meant for human eyes and not the computer's. Comments are often used to point out that a specific line of code needs to be edited to match your environment.
  • Make sure that if you make a change that affects multiple files (eg changing the name of a sourcetype or a transform) that you edit all dependent files.
  • Watch for settings that are heavily customized in your environment; you may need to adjust the application to match.

Customize an application's event types

See both the User manual section on event types and the Administrator manual section on introductory administrator event types, if you haven't already. Other items of interest include:


Customize an application's fields

See the User manual section on fields and the Administrator manual section on fields, if you haven't already. Other items of interest include:


Customize an application's inputs

See the administrator input docs if you haven't already. Other items of interest include:


Customize an application's saved searches and alerts

See the User manual section on saved searches and alerts and the Administrator saved searches section, if you haven't already. Other items of interest include:


Customize an application's reports

Much of the material on reporting is entwined with that of saved searches and alerts. In addition to this, see the user documentation on reporting.

Retrieved from "http://www.splunk.com/base/Documentation/3.2/Admin/InstallSplunkApplications"
Revision: 207 Contact Privacy Policy Terms of Use Community content licensed under Creative Commons

Copyright © 2005-2010 Splunk Inc. All rights reserved.