How to use this manual
This documentation does not apply to the most recent version of Splunk.
This manual contains information on building custom UI in Splunk, extending Splunk via APIs, using Splunk's app framework and building apps for Splunk.
What's your use case?
Before you start, figure out your use case. It may seem obvious, but it can be helpful to figure out what you want to do and how to get there with Splunk. Here's an overview of the topics in this manual and why you'd want to use them.
Build dashboards
If you're just starting out customizing Splunk, you're probably most interested in building a dashboard. A dashboard is a page within Splunk Web that shows you different informative visualizations of your data. For example, you might have a dashboard that shows information about your Web servers -- how many 404s over each hour, which Java applications have generated errors today, how much revenue your online store has created today. Or perhaps you want to see statistics about your network, such as network traffic, or information about users such as failed logins. Any search or report you can generate with Splunk can be added to a dashboard, as well as custom HTML and other visualization tools.
Build forms
A form is another type of page within Splunk Web, used specifically for searching. Think of a form as a simplified version of Splunk's default search interface. You can use forms to guide your users' searches through specific data. For example, you might have a helpdesk team who will always be searching for a serial number in a specific index, on a given host. You can hide all the search terms your users don't need to see and interact with, for example the index and host data, and just present them with a simplified interface for searching on a given serial number. Forms aren't limited to just one input, however; they can contain multiple text inputs, drop-down menus and radio buttons.
Build advanced views
The form searches and dashboards discussed in the previous sections are all built using Splunk's simplified XML. This is just a layer on top of a much more complex language with many more options for customization. So, if you start building a dashboard or form search and you find that you can't build the UI you want using the instructions in the Build dashboards and Build forms sections, you may want to move on to this section. For example, you've already built a dashboard or form search, but you want to add more functionality that isn't available in the simplified XML syntax. You will most likely want to start with the simplified XML syntax before moving on to this section, just to get a feel for how Splunk's UI customization works. If you find that you're ready to move on to the advanced XML, you can always translate your simplified XML to advanced XML.
Customize Splunk Web
Besides building custom pages in Splunk Web, you can customize other aspects of its appearance as well. This section covers those customizations, including customizing the CSS of modules, views and apps, changing the appearance of events and adding a custom message to the login screen. This section also covers translating Splunk into other languages. All the strings in Splunk Web are externalized and can be translated into the language of your choice. Finally, if you're looking to export elements from Splunk into a third-party application, you'll find those instructions in this section as well.
Build apps
Apps are collections of configurations, objects and knowledge built within Splunk's app framework. Apps are completely permissionable, and as such are a great way to segregate your data, or present different views of your data to different users. For example, you can present one set of data to the Web team, one to the Operations team and a completely different set to your Help Desk staff. You could also create a custom app for managers and executive staff that shows daily, weekly and quarterly revenue and other stats. Use the Build apps section to walk through the process of building apps in Splunk. This section works as a step-by-step walkthrough, with additional optional topics at the end. As of Splunk 4.1, each role in your organization can have a different default app, and each user can select their own app from among the apps they have permission to view.
Extend Splunk
Splunk's Web framework is built on a REST API. If you want, you can use this REST API to hook into Splunk from other applications. Any application that can make an HTTP request can launch a search in Splunk and retrieve search results. This is a great way to use Splunk as a data back-end for other services. In Splunk 4.1, only the search endpoints are certified and stable for developer use. In future releases, the management and configuration endpoints will be certified and made available.
Important terminology
Throughout this manual, you'll encounter terms that are specific to Splunk. You can always refer to the Splexicon if you're curious about Splunk's definition of a term. The most important terms for developers to be familiar with are:
- Views
- Dashboards
- Form searches
- REST API
- REST endpoint
- View XML
- View template
- Layout panel
- Panel type
This documentation applies to the following versions of Splunk: 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8.