Building a great Splunk App for Apptitude

How do I build an app that’s going to stand out as the best among an intensely competitive pool? That’s a question that’s on a lot of minds as Splunk Apptitude gets rolling.

Splunk has introduced a program that rewards the best Splunk App in two categories, with a big cash payout. Apptitude is getting the attention of a lot of users and partners, Splunkers who may have created apps for their own purposes, but who never considered submitting their work to the Splunk Apps site.

So, what does it take to earn glory, karma, and the admiration of your peers? All you have to do is create and publish a solid winning Splunk app in one of the contest categories! Requirements for packaging, distribution and directory hierarchy are described on the Resources page.

What does it take to earn cash, or the chance at a free .conf pass? Getting to the top requires a little more attention to detail, and your app has to really stand out from the crowd. For those who are setting their sights on a win, below are a few tips that might help. These tips come from a guide detailing many best practices for building a Splunk app, which we have collected into one place for easy reference:

  • Consider building with a team. The time period for this first round of Apptitude is short. More hands make for faster iteration—plus, it’s more fun!
  • If you’ve never submitted an app to Splunk Apps before, consider using the app template embedded in Splunk. It is at Apps>Manage Apps>Create App. Using this template will help you keep the elements of your app in the right locations.
  • Make sure you read the Package your app or add-on page in our docs, and follow all of the advice there, such as testing knowledge object permissions. Before you submit the app, try it on a clean Splunk install and make sure everything is accessible by a non-admin user.
  • Use the Common Information Model so that data from your app can be seamlessly integrated with other data sources and apps. Here’s a recent blog post with links to several CIM resources.
  • Check out the Dashboard Examples app. This is especially important if you are a veteran Splunker. You are likely to find some kickass stuff in that app which you didn’t even know existed! This app reads like a cookbook, and has complete SPL and XML sample code for every example.
  • Pay close attention to naming conventions.

And watch out for little things like:

  • Make sure to parameterize index names into eventtypes or macros. That way you only have to update them in one place instead of modifying every query that uses them.
  • Store all your customizations in default, not local.
  • Don’t hardcode the paths in a data collection script. Use an environment variable such as $SPLUNK_HOME so the script is resilient to Splunk configuration changes and platform differences.
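
The three checks above can be run automatically before you submit. The following is an added example, not code from Splunk or from the original post: a small Python lint over an app directory. Its function names, regexes and sample app are constructed for illustration, and it assumes the default install locations /opt/splunk and C:\Program Files\Splunk as the hardcoded paths to look for.

```python
import re
import tempfile
from pathlib import Path

# index=<literal>; a macro call such as index=`my_index` does not match
INDEX_RE = re.compile(r"\bindex\s*=\s*\"?([A-Za-z0-9_*-]+)")
# Absolute install paths; assumed defaults, extend for your environment
PATH_RE = re.compile(r"(/opt/splunk\w*|[A-Za-z]:\\Program Files\\Splunk\w*)")
DEFINITION_FILES = {"macros.conf", "eventtypes.conf"}  # literal index allowed here

def lint_app(app_dir):
    """Return (relative_path, line_no, message) findings for an app directory."""
    app = Path(app_dir)
    findings = []
    # 1. Customizations belong in default/, so local/ should ship empty or absent
    for f in sorted((app / "local").rglob("*")):
        if f.is_file():
            findings.append((f.relative_to(app).as_posix(), 0, "file shipped in local/"))
    # 2. Literal index names outside macros.conf / eventtypes.conf
    for f in sorted((app / "default").rglob("*")):
        if f.suffix in {".conf", ".xml"} and f.name not in DEFINITION_FILES:
            for n, line in enumerate(f.read_text(errors="replace").splitlines(), 1):
                m = INDEX_RE.search(line)
                if m:
                    findings.append((f.relative_to(app).as_posix(), n, f"hardcoded index '{m.group(1)}'"))
    # 3. Hardcoded install paths in data collection scripts under bin/
    for f in sorted((app / "bin").rglob("*")):
        if f.is_file():
            for n, line in enumerate(f.read_text(errors="replace").splitlines(), 1):
                if PATH_RE.search(line) and not line.lstrip().startswith("#"):
                    findings.append((f.relative_to(app).as_posix(), n, "hardcoded Splunk path"))
    return findings

def build_sample_app(root):
    """Write a constructed sample app containing one instance of each problem."""
    files = {
        "default/macros.conf": "[app_index]\ndefinition = index=myapp\n",
        "default/savedsearches.conf": "[ok]\nsearch = `app_index` | stats count\n[bad]\nsearch = index=myapp error\n",
        "local/props.conf": "[myapp:log]\nTRUNCATE = 0\n",
        "bin/collect.py": "import os\nOUT = '/opt/splunk/var/log/myapp.log'\nHOME = os.environ['SPLUNK_HOME']\n",
    }
    for rel, text in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*lint_app(build_sample_app(tmp)), sep="\n")
```

The index check is a line-level heuristic: it skips macro calls and dashboard tokens, but it does not parse SPL, so review its findings rather than treating them as definitive.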

We also have these books to recommend:

Last but not least, if you get stuck, or just want to help others, collaborate using the Splunk Answers site, or any of our other community resources! We’ve even created an Apptitude tag, which can be used as an FAQ for the contest itself.

Happy Splunking!

Chris Ladd
