Course Description

This two-day course focuses on Splunk app development. It's designed for advanced users, administrators, and developers who want to create apps using the Splunk Web Framework. Major topics include planning app development, creating data generators and data inputs, REST API, setup screens, KV Store, and app packaging.

Instructor-led Training Schedule

Course Prerequisites

Classes:

  • Splunk Fundamentals 1 & 2
  • Advanced Dashboards & Visualizations
  • Splunk Enterprise System Administration (recommended)

Recommended Skills:

  • Experience with HTML, CSS, and XML
  • Experience with JavaScript
  • Using a terminal text editor (vi, Nano, etc.)

Course Topics

  • Introduction to Splunk Apps
  • Planning App Development
  • Adding Data
  • Creating Apps
  • Creating SplunkJS Views
  • Creating a KV Store
  • Using the Splunk REST API
  • Packaging Apps
Course Objectives

Module 1 – Introduction to Splunk Apps

  • Define the web framework architecture
  • Identify ways to build Splunk apps
  • Manage apps and add-ons

Module 2 – Planning App Development

  • Create a development environment
  • Improve app performance
  • Identify Splunk log files
  • Use security best practices
  • Create a data generator

Module 3 – Adding Data

  • List types of data inputs
  • Define three ways to add data
  • Use the Splunk Add-on Builder
  • Create a modular input

Module 4 – Using the Splunk REST API 

  • Explain how the Splunk REST API works
  • Define API endpoints
  • Create an app setup screen

Module 5 – Creating a KV Store

  • Define what is a KV Store
  • Create a KV Store
  • Use lookups with a KV Store 
  • Explain how to monitor KV store activity

 

 

Module 6 – Packaging Apps

  • Define search time precedence
  • Explain local and default differences
  • Package an app