What’s New for Developers in Splunk 5

Splunk Enterprise 5 has a number of great features and tools to enable developers to extend and customize the power of Splunk. Splunk is a powerful, extensible data platform and we’ll continue to invest in making developers productive and happy. Following up on the Java, Python and JavaScript SDKs moving to Beta as well as the public preview of the PHP SDK, here’s what developers will find in Splunk Enterprise 5:

JSON is now a first-class citizen

With Splunk Enterprise 5, you can now access every API endpoint and request the output in JSON – simply append:


to your query string and you’re ready to go. Working with JSON is easy, there’s no need for parsing like with XML.  And JSON extraction is now automatic, so you don’t have to use the ‘spath‘ command to extract data.

curl -k -u admin:changeme https://localhost:8089/services/saved/searches?output_mode=json

API versioning is now available

As the Splunk REST API evolves we’ll provide version numbers so you can reliably support any applications that rely on API calls. Support for API versioning ensures that you can decide when to take changes and avoid surprise application breakages by making version-specific calls.

curl -k -u admin:changeme https://localhost:8089/v5.0/services/search/jobs

The Splunk JavaScript SDK now ships “in-the-box”

Before Splunk Enterprise 5, you wouldn’t have been able to use the JavaScript SDK for building Splunk Apps in the Web UI due to the browser’s Single Origin Policy. With Splunk Enterprise 5, we’ve supplied a standard and secure pass-through proxy for you to use with the JavaScript SDK, opening up new opportunities for you as a developer in the Splunk UI. You can write both new modules that take advantage of the SDK (for example, combining splunkd data with a new visualization library) as well as entire pages in HTML/JS/CSS using the JavaScript SDK as your bridge to your Splunk data alongside your Advanced XML views. Just include the JavaScript SDK and you’re ready to go:

<script type="text/javascript" src="/en-US/static/js/contrib/jquery-1.6.2.js"></script>
<script type="text/javascript" src="/en-US/static/js/contrib/splunk.js"></script>
   <h3>Saved Searches:</h3>
     <div id="savedsearches"></div>
         var http = new splunkjs.SplunkWebHttp();
         var service = new splunkjs.Service(http, { version: "5.0" });
         service.savedSearches().fetch(function(err, savedSearches) {
             var list = savedSearches.list();
             var html = "<ul>";
             for(var i = 0; i < list.length; i++) {
                 var savedSearch = list[i];
                 html += ("<li>" + + "</li>");
             html += "</ul>";

Developers also have access to all of the other great new features in Splunk Enterprise 5, like report acceleration, dynamic drilldowns and integrated PDF capabilities. It’s a great time to be a developer working with Splunk, the platform and tools make it easy to integrate Splunk data into external applications, log directly from remote devices and programmatically extract data for long-term data warehousing.

Jon Rooney

Posted by