Splunk® Add-on Builder

Splunk Add-on Builder User Guide

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® Add-on Builder. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Overview of the Splunk Add-on Builder

The Splunk Add-on Builder is a Splunk app that helps you build and validate technology add-ons for your Splunk Enterprise deployment.

What is an add-on?

An add-on is a reusable Splunk component, much like an app, but does not contain a navigable view. Add-ons can include any combination of custom configurations, scripts, data inputs, custom reports or views, and themes that can change the look and feel of Splunk Enterprise. A single add-on can be used in multiple apps, suites, or solutions.

Technology add-ons are specialized add-ons that help to collect, transform, and normalize data feeds from specific sources in your Splunk environment. Add-ons can include:

  • A feed to help gather data from a source
  • Field extractions
  • A map that normalizes the data to the Common Information Model

For more about apps and add-ons, see Apps and add-ons: an introduction in the Splunk Enterprise Developing Views and Apps for Splunk Web manual, and Apps and add-ons in the Splunk Enterprise Admin Manual.

Why create a technology add-on?

Technology add-ons provide knowledge mapping, making it easier to do data transformations on unstructured data and extract value from raw event data. Many add-ons help collect the data from data sources, reducing the time spent to reach value. And, add-ons are particularly useful when you need to get data into the Splunk platform and the data is not in one of the native input formats.

Why use the Splunk Add-on Builder?

The Splunk Add-on Builder is intended to guide you through the process of creating a technology add-on without you having to know everything there is to know about the Splunk platform.

The goals of the Splunk Add-on Builder are to:

  • Guide you through all of the necessary steps of creating an add-on
  • Reduce development and testing time
  • Follow best practices and naming conventions
  • Maintain CIM compliance
  • Maintain quality of add-ons
  • Validate and test the add-on, helping you to identify any limitations such as compatibilities and dependencies
  • Maintain a consistent look and feel while still making it easy for you to add branding
  • Package the add-on and helps you get ready to submit it for certification

Who is the Splunk Add-on Builder for?

The Splunk Add-on Builder is for:

  • Splunk admins who would like to onboard additional data into Splunk.
  • Developers who are looking for a tool to help them build and validate a Splunk add-on.
Last modified on 20 April, 2016
  NEXT
Learn more and get help

This documentation applies to the following versions of Splunk® Add-on Builder: 1.0.0, 1.0.1, 1.1.0


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters