What's new
Here's what's new in each version of the Splunk Add-on Builder.
Version 2.1.1
What's new in this release:
- Bug fixes. For details, see Fixed issues.
Version 2.1.0
What's new in this release:
- The Add-on Builder has a new and enhanced setup library consistent with modern Splunk-built add-ons.
- The Add-on Builder no longer requires you to restart Splunk Enterprise when building new data inputs, creating a new add-on, or any other step.
- The Add-on Builder home page has been updated and improved.
- You can now import and export add-on projects, allowing you to work on an add-on on different computers and share projects with others. For details, see Import and export add-on projects.
- You can now use the Add-on Builder to add CIM mapping to apps and add-ons that were not created using Add-on Builder. For details, see Work with other apps and add-ons.
- When you configure data inputs using a REST API, you can now add checkpointing for incremental data collection and set JSON event breaking. For details, see Add a data input using a REST API.
- Improvements have been made to the CIM mapping UI. For details, see Map to CIM.
- Changes have been made to the way global accounts are implemented in the setup page for an add-on. For details, see Create a setup page.
Upgrade add-ons from earlier versions
When you open an add-on project that was created in an earlier version of Add-on Builder, the add-on is automatically upgraded. Note the following changes:
- Any UI or dashboards that were created outside of Add-on Builder will no longer be available.
- If you made any changes outside of Add-on Builder to configuration files, review these files in case your changes were not migrated.
- Setup pages have changed in version 2.1.0 and are upgraded to the new style. Due to changes between these styles, review your setup pages and verify the text appears correctly. Ensure that display labels for input fields are unique.
- If you created data inputs with Python code in Add-on Builder 2.0.0, you must upgrade your code for version 2.1.0.
- Replace:
def collect_events(helper, inputs, ew):
- With:
def collect_events(helper, ew):
- Replace:
Version 2.0.0
What's new in this release:
- The validation process has been enhanced to include App Certification readiness. This validation process can also be performed on apps and add-ons that were created outside of Add-on Builder. For details, see About Splunk App Certification.
- You can now create alert actions for your add-ons using the Add-on Builder. For details, see Create alert actions.
- You can now create adaptive response actions for use with Splunk Enterprise Security. For details, see Create an adaptive response action for Enterprise Security.
- The Add-on Builder is easier to use with a new workflow and enhanced UI.
- Bug fixes. For details, see Fixed issues.
Version 1.1.0
What's new in this release:
- Additional data formats (JSON, XML, and tabular) are now supported, improving field extraction.
- Adding sample data is easier, with the option to upload sample data files and indexed data from Splunk Enterprise.
- Support for field extraction and CIM mapping has been added for indexed data in Splunk Enterprise.
- The framework for modular inputs has changed. See below for details about migrating your code.
- Bug fixes. For details, see Fixed issues.
Migrating modular input code from an earlier release
The framework for modular inputs has changed. If you are upgrading the Add-on Builder app from a previous release, update your Python code for any modular inputs you created as described below.
Create events
Use the self.new_event method to create events for modular inputs rather than creating an event directly using smi.Event. The arguments are the same.
For example, in the auto-generated code for modular inputs, you would update the sample code as follows.
1. Find this line:
event = smi.Event(source=self.input_name, index=self.output_index, sourcetype=self.output_sourcetype, data=data)
2. Replace it with this line:
event = self.new_event(source=self.get_input_name(), index=self.get_output_index(), sourcetype=self.get_sourcetype(), data=data)
Read configurations from setup pages
The following example code, also included in the auto-generated code for modular inputs, shows how to read configurations from setup pages in the new framework for version 1.1.0:
arg_value = self.get_arg('arg_name') proxy_settings = self.get_proxy() account = self.get_user_credential("admin") userdefined = self.get_global_setting("userdefined")
Version 1.0.1
What's new in this release:
- Bug fixes. For details, see Fixed issues.
Version 1.0.0
This is the first release of the Splunk Add-on Builder.
Python helper functions | Known issues |
This documentation applies to the following versions of Splunk® Add-on Builder: 2.1.1
Feedback submitted, thanks!