TIPS & TRICKS TIPS & TRICKS

Developers Rejoice! Three Ways Building an App or Add-On for Splunk Just Got Better!

Are you building apps or add-ons for Splunk? If you’re not using the Splunk Packaging Toolkit, then you’re missing out on some great benefits for you and your app users, especially now in Splunk Enterprise 6.6 and Splunk Cloud.

Why should you use it?

  • The Packaging Toolkit reduces system bloat and ensures the best performance by packaging up your app or add-on so components are installed in the right places in distributed environments.

  • For users and Splunk admins, apps and add-ons packaged using the Splunk Packaging Toolkit are easier to manage, including installing, updating and removing.

  • It’s easy to get started with new app or add-on projects and to apply to existing apps and add-ons.

What’s new and why is it better?

Before the Splunk Packaging Toolkit, app developers would zip up all of their app components into a single package. That package would be installed identically, in full, on any deployment node of a distributed Splunk environment: a forwarder, indexer, or search head. This would install app components into some environments where they weren’t required, bloating those systems. These extra components could also negatively affect the performance of those systems.

With the Splunk Packaging Toolkit, you can describe your app and its components in an app manifest that defines which components go where in the target Splunk environment. Now only the parts needed for the search head get installed there, the parts for the indexer get installed there, and the parts for the forwarder get installed there. Less bloat, better performance!

The manifest also describes your app’s declared dependencies, so that these requirements will be satisfied before your app is installed. This makes installing your app much easier for users as any dependencies will be resolved as part of the installation. If you don’t have a manifest already, the Packaging Toolkit can derive one from your existing .conf files and other Splunk app artifacts!

Even more for advanced apps

There are more advanced features available in the manifest file, such as the ability to further break down your app components for partitioning to different forwarder types and input groups. In order to do this, you must provide logical declarations in the app manifest.

Easy to get started

To get started, first Install the Splunk Packaging Toolkit. You’ll need to download a tar file and optionally install VirtualEnv to create isolated Python environments. Then follow the steps in the Overview of the Splunk Packaging Toolkit to create your app manifest from your existing app package and add your app dependencies to it. If you have an app that requires further partitioning, you’ll do it now. Finally, the validate step will check the app manifest and app dependencies for errors.

With the ability to build apps with easier and better management features, as well as better performance, we hope you’ll get started using the Splunk Packaging Toolkit to build and manage your app manifest and dependencies today!

Check out all of the great new features in Splunk Enterprise 6.6 and Splunk Cloud!

Tom Chavez
Posted by Tom Chavez

Tom Chavez has more than twenty years of experience as a manager and product manager in developer software. Today Tom works in product marketing at Splunk, the leader in Operational Intelligence. He has worked across the Silicon Valley at industry leaders including Apple, Sun, PalmSource, and Intuit delivering tools for Mac, Java, PalmOS, Linux and Android development and testing. Tom holds a BS degree in Electrical Engineering and Computer Science from UCBerkeley.

Join the Discussion