This page last updated: 12/24/08 06:12pm
Components
Here are descriptions of the various components of Splunk's architecture. This page focuses on the most useful aspects of Splunk's architecture for developing against the Splunk platform.

Processes
A Splunk server runs two processes on your host, splunkd and splunkweb:
- splunkd is a distributed C/C++ server that accesses, processes and indexes streaming IT data. It also handles search requests. splunkd processes and indexes your data by streaming it through a series of pipelines, each made up of a series of processors. splunkd supports a command line interface for searching and viewing results.
  - Pipelines are single threads inside the splunkd process, each configured with a single snippet of XML.
  - Processors are individual, reusable C or C++ functions that act on the stream of IT data passing through a pipeline. Pipelines can pass data to one another via queues.
- splunkweb is a Python-based application server providing the Splunk Web user interface. It lets users search and navigate IT data stored by Splunk servers and manage a Splunk deployment through a web interface.
splunkweb and splunkd can both communicate with your web browser via REST:
- splunkd runs a web server on port 8089 with SSL/HTTPS turned on by default.
- splunkweb runs a web server on port 8000 without SSL/HTTPS by default.
Configuration files
Most of Splunk's advanced configuration is done via configuration files.
Important files for developers include:
- authorize.conf: Use this file to create capabilities for scripts.
- restmap.conf: Use this file to create and configure new REST endpoints.
- server.conf: Use this file to configure the HTTP server and application management settings.
- web.conf: Settings for the Splunk Web HTTP server.
- app.conf: Create dynamic user entry fields for your custom application.
- streams.conf: Configure settings for streams.
A complete list of configuration files is located here.
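
The listener defaults described under Processes (splunkweb on port 8000 without SSL/HTTPS, splunkd on port 8089 with it) can be checked against the web.conf and server.conf files listed above. The following is an added example, not code from Splunk or from the original page; the stanza and setting names (`[settings]`, `httpport`, `mgmtHostPort`, `enableSplunkWebSSL`, `[sslConfig]`, `enableSplunkdSSL`) are assumptions taken from Splunk's configuration spec files rather than from this page, and the sample input is constructed.

```python
# Added example (not Splunk code): flag Splunk listeners that serve plaintext HTTP.
# Assumption: the setting names below come from Splunk's web.conf and
# server.conf spec files; they are not listed on this page.

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()  # new stanza header
            stanzas.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas

def enabled(value, default):
    """Interpret a boolean setting; fall back to the default when unset."""
    if value is None:
        return default
    return value.lower() in ("1", "true", "yes")

def audit(web_conf="", server_conf=""):
    """Return one finding per listener that would run without SSL/HTTPS."""
    web = parse_conf(web_conf).get("settings", {})
    ssl = parse_conf(server_conf).get("sslConfig", {})
    # Defaults as stated on this page: splunkweb 8000 without SSL,
    # splunkd 8089 with SSL.
    mgmt_port = web.get("mgmtHostPort", "127.0.0.1:8089").rsplit(":", 1)[-1]
    listeners = [
        ("splunkweb", web.get("httpport", "8000"),
         enabled(web.get("enableSplunkWebSSL"), False)),
        ("splunkd", mgmt_port, enabled(ssl.get("enableSplunkdSSL"), True)),
    ]
    return [f"{name}: port {port} serves plaintext HTTP"
            for name, port, tls in listeners if not tls]

# Constructed sample input: a web.conf that moves the port but leaves SSL off.
SAMPLE_WEB_CONF = """
# constructed example
[settings]
httpport = 8443
"""

if __name__ == "__main__":
    for finding in audit(web_conf=SAMPLE_WEB_CONF):
        print(finding)
```

With no overrides at all, `audit()` reports only splunkweb, which matches the defaults described on this page.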