Splunk Training + Certification

Building Splunk Apps

The newest comprehensive resource from Splunk Training + Certification is here.

Course Description

This two-day course focuses on Splunk Enterprise app development. It's
designed for advanced users, administrators, and developers who want to create
apps using the Splunk Web Framework. Major topics include planning app
development, creating data generators and data inputs; the REST API, setup
screens, KV Store, and app packaging.    

Instructor-led Training Schedule

Course Prerequisites

  • Splunk Fundamentals 1 & 2
  • Creating Dashboards
  • Advanced Dashboards & Visualizations
  • Splunk Enterprise System Administration (recommended)
Recommended Skills:
  • Experience with HTML, CSS, and XML
  • Experience with JavaScript
  • Using a terminal text editor (vi, Nano, etc.)

Course Topics

  • Planning App Development
  • Adding Data
  • Creating Apps
  • Creating a KV Store
  • Using the Splunk REST API
  • Packaging Apps

Course Objectives

Module 1 – Planning App Development
  • Create a development environment
  • Improve app performance
  • Identify Splunk log files
  • Use security best practices
  • Create a data generator
Module 2 – Creating Apps
  • Define the web framework architecture
  • Identify ways to build Splunk apps
  • Manage apps and add-ons
  • Create an app
  • Configure app properties
  • Create app navigation
Module 3 – Adding Data
  • List types of data inputs
  • Identify ways to add data
  • Define when to use a scripted input
  • Create a modular input
Module 4 – Using the REST API
  • Explain how the Splunk REST API works
  • Define API endpoints
  • Explain how the KV Store works
  • Create a KV Store
  • Use lookups with a KV Store
Module 5 – Packaging Apps
  • Create an app setup screen
  • Define search time precedence
  • Explain local and default differences
  • Package an app