Skip to main content

Splunk Training + Certification

Building Splunk Apps

Course Description

This 9-hour course focuses on Splunk Enterprise app development. It's designed for advanced users, administrators, and developers who want to create apps using the Splunk Web Framework. Major topics include planning app development, creating data generators and data inputs; the REST API, setup screens, KV Store, and app packaging.

Instructor-led Training Schedule

Prerequisite Knowledge

To be successful, students should have a solid understanding of the following courses:
  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Visualizations
  • Leveraging Lookups & Subsearches
  • Correlation Analysis
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Enriching Data with Lookups
  • Introduction to Dashboards
  • Dynamic Dashboards

Or the following legacy courses:


  • Splunk Fundamentals 1 & 2
  • Creating Dashboards
Students should also understand the following advanced coursework:
  • Advanced Dashboards & Visualizations
  • Splunk Enterprise System Administration (recommended)
Recommended Skills:
  • Experience with HTML, CSS, and XML
  • Experience with JavaScript
  • Using a terminal text editor (vi, Nano, etc.)

Course Topics

  • Planning App Development
  • Adding Data
  • Creating Apps
  • Creating a KV Store
  • Using the Splunk REST API
  • Packaging Apps

Course Objectives

Module 1 – Planning App Development
  • Create a development environment
  • Improve app performance
  • Identify Splunk log files
  • Use security best practices
  • Create a data generator
Module 2 – Creating Apps
  • Define the web framework architecture
  • Identify ways to build Splunk apps
  • Manage apps and add-ons
  • Create an app
  • Configure app properties
  • Create app navigation
Module 3 – Adding Data
  • List types of data inputs
  • Identify ways to add data
  • Define when to use a scripted input
  • Create a modular input
Module 4 – Using the REST API
  • Explain how the Splunk REST API works
  • Define API endpoints
  • Explain how the KV Store works
  • Create a KV Store
  • Use lookups with a KV Store
Module 5 – Packaging Apps
  • Create an app setup screen
  • Define search time precedence
  • Explain local and default differences
  • Package an app