Documentation > Splunk > Developing Dashboards, Views, and Apps for Splunk Web > Developer configuration and knowledge object guide

Developing Dashboards, Views, and Apps for Splunk Web

 


Overview
Build your app
Customize Splunk Web
Advanced Web customization
UI Developer reference
Examples

Developer configuration and knowledge object guide

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Developer configuration and knowledge object guide

Once you've created your App, you can add configurations to set up the data layer. Then, add objects to set up your App's presentation layer. You can add knowledge objects and configurations to your app via Splunk Manager or through the configuration file system in the Splunk server back-end.

This section is an overview of the major configuration options available to you. You can find additional information on configurations in the Admin manual. Look in the Knowledge manager manual for more information on configuring knowledge objects.

Once you've set up custom configurations, you may want to configure an app setup screen to expose relevant App configurations to users setting up your app.

Configurations

Configurations set up the data layer of your App. The data layer includes data inputs and other configurations that specify how Splunk should treat your data. This way, you can customize what data is available to your App, how it gets into your Splunk instance and how Splunk stores it.

Many, but not all, apps for Splunk contain back-end configurations. You can use any configuration from the list of configuration files from the configuration files reference page in the Admin manual. Learn more about how configuration files work in the Admin manual. Put the configuration files in your App's directory to package them with your App.

Note that all configurations are global, meaning they are by default available to all apps. You may segregate configurations by placing them in your app's directory. However, any data inputs indexed into Splunk will always be available to other Apps.

Inputs

Configure inputs for your app. Do you want to index a specific type of data just for your App? For example, you may just want to index your Web logs so your Web developers can look at them in one place -- your Web App. Read more about getting data into Splunk in the Admin Manual.

Indexes

Configure custom indexes to store the data for your App. This is the best way to make sure your App users can only search through specific data. Learn more about how to set up multiple indexes in the Admin Manual.

Props and transforms

Splunk has rules for processing most data types. But if you have a custom data type you can set segmentation, character set or other custom data processing rules. Create rules for data processing in props.conf and link it to your data via transforms.conf. You can package these configurations with your App, but they will be applied on a source, sourcetype or host basis. Learn more about how Splunk's data processing rules work in the Admin Manual.

User prefs

Set a default app through user prefs. Learn more about how to set a default app in this manual.

Knowledge objects

Knowledge objects are all objects available at the presentation layer of your app. This is how you customize what your data looks like to your App users. Depending on what permissions you set, your apps users can then interact with and modify the knowledge objects included in your App.

Permissions for objects

Set default permissions for objects in your app in default.meta or by modifying each object's permissions in Splunk Manager.

Custom UI

Customize Splunk's UI by building views. Views include dashboards and search views and present the knowledge objects you've built in your App. Dashboards generally contain links to relevant searches, as well as any reports you want to display upon loading your app. Search views let you run searches on an ad-hoc basis.

Learn more about how to build a custom UI.

Saved searches and reports

Saved searches and reports are the building block of most Splunk Apps. Use saved searches and reports to dynamically capture important pieces of your data. Display them in your App on a dashboard, or add them to a drop-down menu in Splunk Web to run as needed. Use saved searches as a shortcut to launch interesting and relevant searches into whatever data you've loaded into your App.

Learn more about how to use saved searches and reports in your App here.

Event types

Configure event types to capture and share knowledge in your App. Learn more about event types in the Knowledge Manager manual.

Fields

Splunk automatically extracts fields from your data. You may want to add in your own custom fields to your App, however. For example, you may have some custom data in your App that you want to showcase in your results by creating a new field. Read more about fields in the Knowledge Manager manual.

Tags

Tags are another way to add metadata to your data. Any tags you create you can add to your App. Read more about tags in the Knowledge Manager Manual.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0.6/Developer/DevConfigs"

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.