Install Splunk applications
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
Install Splunk applications
Install a Splunk application by unpacking it into your $SPLUNK_HOME/etc/bundles directory. Once you've configured it (according to the instructions in the following sections), restart your Splunk server to load it into your Splunk instance.
Once you have an application installed, it's a good idea to look through it to make sure it works for your data. The sections below address what you may need to change, and where to go to find help on how to change it.
There are some general issues that apply no matter what aspect of the application you want to customize:
- Look for lines in the application's configuration files that begin with a hash (#). Such lines are comments, which are meant for human eyes and not the computer's. Comments are often used to point out that a specific line of code needs to be edited to match your environment.
- Make sure that if you make a change that affects multiple files (eg changing the name of a sourcetype or a transform) that you edit all dependent files.
- Watch for settings that are heavily customized in your environment; you may need to adjust the application to match.
Customize an application's event types
See both the User manual section on event types and the Administrator manual section on introductory administrator event types, if you haven't already. Other items of interest include:
Customize an application's fields
See the User manual section on fields and the Administrator manual section on fields, if you haven't already. Other items of interest include:
Customize an application's inputs
See the administrator input docs if you haven't already. Other items of interest include:
Customize an application's saved searches and alerts
See the User manual section on saved searches and alerts and the Administrator saved searches section, if you haven't already. Other items of interest include:
Customize an application's reports
Much of the material on reporting is entwined with that of saved searches and alerts. In addition to this, see the user documentation on reporting.
This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 View the Article History for its revisions.