Course Description

This two-day course focuses on Splunk Enterprise app development. It's
designed for advanced users, administrators, and developers who want to create
apps using the Splunk Web Framework. Major topics include planning app
development, creating data generators and data inputs; the REST API, setup
screens, KV Store, and app packaging.    

Instructor-led Training Schedule

Course Prerequisites

Classes:

  • Splunk Fundamentals 1 & 2
  • Advanced Dashboards & Visualizations
  • Splunk Enterprise System Administration (recommended)

Recommended Skills:

  • Experience with HTML, CSS, and XML
  • Experience with JavaScript
  • Using a terminal text editor (vi, Nano, etc.)

Course Topics

  • Planning App Development
  • Adding Data
  • Creating Apps
  • Creating a KV Store
  • Using the Splunk REST API
  • Packaging Apps
Course Objectives

Module 1 – Planning App Development

  • Create a development environment
  • Improve app performance
  • Identify Splunk log files
  • Use security best practices
  • Create a data generator

Module 2 – Creating Apps

  • Define the web framework architecture
  • Identify ways to build Splunk apps
  • Manage apps and add-ons
  • Create an app
  • Configure app properties
  • Create app navigation

Module 3 – Adding Data

  • List types of data inputs
  • Identify ways to add data
  • Define when to use a scripted input
  • Create a modular input

Module 4 – Using the REST API

  • Explain how the Splunk REST API works
  • Define API endpoints
  • Explain how the KV Store works
  • Create a KV Store
  • Use lookups with a KV Store

Module 5 – Packaging Apps

  • Create an app setup screen
  • Define search time precedence
  • Explain local and default differences
  • Package an app