Splunk® Add-on Builder

Splunk Add-on Builder User Guide

This documentation does not apply to the most recent version of Splunk® Add-on Builder. For documentation on the most recent version, go to the latest release.

What's new

Here's what's new in each version of the Splunk Add-on Builder.

Version 2.0.0

What's new in this release:

  • The validation process has been enhanced to include App Certification readiness. This validation process can also be performed on apps and add-ons that were created outside of Add-on Builder. For details, see About Splunk App Certification.
  • You can now create alert actions for your add-ons using the Add-on Builder. For details, see Create alert actions.
  • You can now create adaptive response actions for use with Splunk Enterprise Security. For details, see Create an adaptive response action for Enterprise Security.
  • The Add-on Builder is easier to use with a new workflow and enhanced UI.
  • Bug fixes. For details, see Fixed issues.

Version 1.1.0

What's new in this release:

  • Additional data formats (JSON, XML, and tabular) are now supported, improving field extraction.
  • Adding sample data is easier, with the option to upload sample data files and indexed data from Splunk Enterprise.
  • Support for field extraction and CIM mapping has been added for indexed data in Splunk Enterprise.
  • The framework for modular inputs has changed. See below for details about migrating your code.
  • Bug fixes. For details, see Fixed issues.

Migrating modular input code from an earlier release

The framework for modular inputs has changed. If you are upgrading the Add-on Builder app from a previous release, update your Python code for any modular inputs you created as described below.

Create events

Use the self.new_event method to create events for modular inputs rather than creating an event directly using smi.Event. The arguments are the same.

For example, in the auto-generated code for modular inputs, you would update the sample code as follows.

1. Find this line: 

event = smi.Event(source=self.input_name, index=self.output_index, sourcetype=self.output_sourcetype, data=data)

2. Replace it with this line: 

event = self.new_event(source=self.get_input_name(), index=self.get_output_index(), sourcetype=self.get_sourcetype(), data=data)

Read configurations from setup pages

The following example code, also included in the auto-generated code for modular inputs, shows how to read configurations from setup pages in the new framework for version 1.1.0: 

arg_value = self.get_arg('arg_name')
proxy_settings = self.get_proxy()
account = self.get_user_credential("admin")
userdefined = self.get_global_setting("userdefined")

Version 1.0.1

What's new in this release:

Version 1.0.0

This is the first release of the Splunk Add-on Builder.

Last modified on 10 October, 2016
Advanced   Known issues

This documentation applies to the following versions of Splunk® Add-on Builder: 2.0.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters