Links

Toolbox

Splunk > The IT Search Company

Search and navigate IT data from applications, servers and network devices in real-time.
Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Download manuals in other languages

Community | Discussion | View source | History

Getting Started

You'll need to download the latest version of Splunk from the website. An account is required to download newer versions of Splunk. If you are using an older version of Splunk, it is recommended you upgrade to get the latest version with the newer REST endpoints.

You can refer to the installation instructions from Splunk's documentation pages. These instructions are made for the released version of Splunk, and may not work for installing Preview versions.

You'll also need a good handle on the Splunk search language:

Search language cheat sheet - search language cookbook
Splunk search language reference - search language reference

Programming Your First Application

Once you get Splunk installed, you can start accessing the APIs through the REST endpoints located on the Splunk server, splunkd. We use Python in the examples below, but you can use any RESTful language to talk to Splunk's server.

Splunk's endpoints - get started by talking to the REST endpoints directly.
Authenticating - get an auth token to talk to the Splunk server.
Start a job - start a new search job on the server
Get the results - using the job id, return the results and do something useful
Use a SDK - start using one of the SDKs to simplify talking to the REST endpoints
UI themes - overview of how to skin the Splunk UI

Programming Resources

Splunk's APIs use REST, which requires the programmer to handle connecting to the web and parsing XML bits coming back from the server. The following SDKs provide a more manageable interface for dealing with Splunk, and can help lower the amount of development time.

.NET - Google Code page for the .NET SDK wrappers for the Splunk APIs
Embedded Python - embedded Python SDK shipping with Preview release
Flash - Google Code page for the upcoming Flash SDK
Java - Google Code page for the Java SDK
PHP - Google Code page for the PHP SDK
Perl - Google Code page for the Perl SDK
Python - Google Code page for the external Python SDK
AJAX - Google Code page for the AJAX SDK

Languages we'd like to have soon:

Ruby/RAILS

Tools and add-ons

Excel add-on - Use Excel to analyze your Splunk search results.
Splunk Application builder - Python-based framework for building your first Splunk application.

Splunk Related Projects

Replay - Flash based visualization application for Splunk
IP Tagging Utility - GeoIP lookups for IPs in your events

More Project Ideas

Splunk's core technology is a highly-scalable IT event database engine, capable of handling insane amounts of unstructured data in an enterprise environment. The Splunk Hacks page lists over 50 possible ideas for projects using Splunk. Some of them are simply brilliant, others are completely ridiculous (but still would be cool to see implemented).

If you are looking for a good excuse to write some code against Splunk, now's your chance. Grab a project idea, create a project for it and get busy!

Retrieved from "http://www.splunk.com/base/Community:Getting_Started"

Revision: 207 | Contact | Privacy Policy | Terms of Use | Community content licensed under Creative Commons