About apps

About apps

This topic provides and overview of applications and how you can use them. For Splunk applications and information on how to build your own, refer to the Apps Wiki. For existing applications, use Splunk's App Manager to browse SplunkBase.

What are applications?

A Splunk application can be as simple as a collection of one or more event type definitions, searches, and/or saved searches. Or, it can be as complex as an entirely new program using Splunk's REST API.

Where can you find them?

When you install Splunk, a number of applications are installed by default (but not necessarily enabled, we'll get to that later). You can see them by launching Splunk Web and navigating to the Admin > Applications page. In particular, the Splunk forwarder, light forwarder, and desktop configuration applications are listed here. You can find and install more Splunk applications from this page.

How can I tell what applications are installed?

You can navigate to the Admin > Applications page in Splunk Web and see what applications are enabled for your Splunk installation, or you can use the CLI to check to see if a particular application is installed by going to $SPLUNK_HOME/bin and typing:

./splunk display <application name>

Where do they fit into Splunk?

Each Splunk application that is listed in the Admin>Applications page has its own directory under $SPLUNK_HOME/etc/apps/, where SPLUNK_HOME is the directory into which you installed Splunk. Each Splunk application can have a setup.conf file to specify how that application interacts with other Splunk applications.

How do you install them?

For general installation instructions refer to the Install Splunk applications topic.

Important: Splunk's directory structure changed between versions 3.2 and 3.3. If you are downloading an application from SplunkBase, you may have to upgrade to 3.3. Contact Splunk support for guidance.

• Was this topic useful?
• Post a comment