Course Description

This two-virtual day course focuses on Splunk app development. It's designed for power users, administrators, and app developers, who want to create powerful, interactive apps using the Splunk Web Framework. Major topics include simple XML, the SplunkJS Stack, KV Store, REST API, app setup screens, navigation, tokens, and packaging an app.

Instructor-led Training Schedule
 Start Date  Start Time  Time Zone
04-Jan-18 09:00 AM (GMT-08:00) Pacific Time (US & Canada)
04-Jan-18 09:00 AM (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
15-Jan-18 09:00 AM (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
18-Jan-18 09:00 AM (GMT-08:00) Pacific Time (US & Canada)
29-Jan-18 09:00 AM (GMT-05:00) Eastern Time (US & Canada)
View Schedule

Course Prerequisites


  • Splunk Fundamentals 1 & 2
  • Advanced Searching & Reporting (strongly recommended)
  • Advanced Dashboards & Visualizations

Recommended Skills:

  • Six month's experience using the Splunk search language
  • Experience with HTML, CSS, and XML
  • Experience with JavaScript
  • Using a terminal emulator




Course Topics

  • Introduction to Splunk Apps
  • Planning App Development
  • Adding Data
  • Creating Apps
  • Creating SplunkJS Views
  • Creating a KV Store
  • Using the Splunk REST API
  • Packaging Apps
Course Objectives

Module 1 - Introduction to Splunk Apps

  • Define the web framework architecture
  • Identify types of Splunk apps
  • Manage apps and add-ons


Module 2 - Planning App Development

  • Setup a development environment
  • Improve app performance
  • Identify Splunk log files
  • Use security best practices
  • Create a data generator

Module 3 - Creating Apps

  • Create an app
  • Define the app directory structure
  • Configure app properties
  • Add navigation
  • Add app icons, and logos


Module 4 - Adding Data

  • List types of data inputs
  • Define three ways to add data
  • Use the Splunk Add-on Builder
  • Create a modular input

Module 5 - Using SplunkJS Stack

  • Name three ways to add SplunkJS Views
  • Identify types of search managers
  • Define token syntax and models
  • Identify the structure of a view converted to HTML
  • Create a SplunkJS dashboard

Module 6 - Using the Splunk REST API

  • Explain how the Splunk REST API works
  • Define API endpoints
  • Create an app setup screen

Module 7 - Creating a KV Store

  • Define what is a KV Store
  • Create a KV Store
  • Use lookups with a KV Store
  • Explain how to monitor KV store activity

Module 8 - Packaging Apps

  • Create app navigation
  • Describe config file precedence
  • Package an app
  • Compare types of app certification