Splunk® Add-on Builder

Splunk Add-on Builder User Guide

This documentation does not apply to the most recent version of Splunk® Add-on Builder. For documentation on the most recent version, go to the latest release.

Overview of the Splunk Add-on Builder

The Splunk Add-on Builder is a Splunk app that helps you build and validate technology add-ons for your Splunk platform deployment.

What is an add-on?

An add-on is a reusable Splunk component, much like an app, but is dedicated to a function such as getting a specific system's data in and out of the Splunk platform. Add-ons can include any combination of custom configurations, scripts, data inputs, custom reports or views, and themes that can change the look and feel of the Splunk platform. A single add-on can be used in multiple apps, suites, or solutions.

Technology add-ons are specialized add-ons that help to collect, transform, and normalize data feeds from specific sources in your environment. Technology add-ons typically include:

  • Knowledge management components, such as field extractions, transforms, and lookups, that make the data easy to use.
  • Knowledge mapping components, such as event types and tags, that normalize the data to the Common Information Model.
  • Configurations and/or tools to gather data from a source.


For more about apps and add-ons, see Develop Splunk Apps on the Splunk Developer Portal.

Why create a technology add-on?

Technology add-ons provide knowledge mapping, which makes it easier to transform unstructured data and extract value from raw event data. Many add-ons help collect the data from data sources, reducing the time it takes to reach value. Add-ons are particularly useful when you need to get data into the Splunk platform and the data is not in one of the native input formats.

Why use the Splunk Add-on Builder?

The Splunk Add-on Builder guides you through the process of creating a technology add-on without requiring you to know everything there is to know about the Splunk platform.

The goals of the Splunk Add-on Builder are to:

  • Guide you through all of the necessary steps of creating an add-on
  • Build alert actions and adaptive response actions for Splunk Enterprise Security
  • Reduce development and testing time
  • Follow best practices and naming conventions
  • Maintain CIM compliance
  • Maintain quality of add-ons
  • Validate and test the add-on, helping you to check for certification readiness and to identify any limitations such as compatibilities and dependencies
  • Maintain a consistent look and feel while still making it easy for you to add branding
  • Package the add-on and help you get ready to submit it for certification

Who is the Splunk Add-on Builder for?

The Splunk Add-on Builder is for:

  • Splunk admins who would like to onboard additional data into the Splunk platform.
  • Developers who are looking for a tool to help them build and validate a Splunk add-on.
Last modified on 27 November, 2019

This documentation applies to the following versions of Splunk® Add-on Builder: 2.0.0, 2.1.0, 2.1.1, 2.1.2

