Splunk® Add-on Builder

Splunk Add-on Builder User Guide

This documentation does not apply to the most recent version of Splunk® Add-on Builder. For documentation on the most recent version, go to the latest release.

Validate and package

In Validate & Package:

  • Validate your add-on for best practices and Splunk App Certification, and test your data inputs, field extractions, and data model mappings. The Splunk Add-on Builder shows you any errors or warnings, along with recommendations about how to address them.
  • Download your add-on package as an SPL file. The SPL format is identical to the tar archive format, but uses the .spl extension rather than .tar.gz.


You can also validate and package apps and add-ons that were not created using the Add-on Builder.

About Splunk App Certification

Splunk App Certification is a process that analyzes your add-on and certifies that it meets certain criteria and verifies that your add-on conforms to best practices. Criteria and best practices may change, so for the latest information see About app certification on the Splunk Developer Portal.

The Splunk Add-on Builder can validate your add-on to determine whether it is ready to be submitted to Splunk App Certification. When you select App Precertification from the types of validation to perform, the Add-on Builder logs into the App Certification server using your Splunk.com credentials, runs the app precertification validation, then displays a "ready" or "not ready" message.

Before you run validation, be sure to provide your Splunk.com credentials.

To set Splunk.com credentials

  1. From the Splunk Web home page or from the Apps menu, click Splunk Add-on Builder.
  2. On the Splunk Add-on Builder home page, click Configuration at the top left of the page.
  3. On the Configuration page, enter your Splunk.com username and password.
  4. If you use a proxy server, select Enable proxy and fill out the proxy settings.
  5. To verify your login credentials and proxy settings, click Test.
  6. Click Save.

Validate the add-on

You can select from the following types of validation to perform on your add-on:

  • Best Practices
  • Data Model Mapping
  • Field Extraction
  • App Precertification


To validate your add-on

  1. On your add-on homepage, click Validate & Package on the Add-on Builder navigation bar.
  2. Click Validate to run the validation and and display the results.

AddonBuilder2 ValidatePackage.png

Overall Health Report This report displays a health validation score based on the errors, warnings, and failed rules. If you are validating for app precertification, this section also lets you know whether your app is ready to be submitted to Splunk App Certification.

This health score is valid in a local environment. The score could be different for the same add-on if the add-on were validated in other environments or at different times due to differences in global knowledge management and differences in indexed data. Use the health score as a subjective indicator about the overall quality of your add-on.

Error The total number of errors that were found.
Warning The total number of warnings that were found.
Pass The number of rules that your add-on passed.
Validation result distribution A chart displaying the breakdown of the validation results.
Validation Rule Details A list of all the validation rules, with details about the validation category, a description of the rule, and a suggested solution to fix the problem for rules that your add-on did not pass.

Sometimes the suggested remedy is to directly edit a configuration file (.conf). The configuration files for your app are located in $SPLUNK_HOME/etc/apps/TA_your_addon_name, and you can edit them in a text editor. After you save changes to the file, refresh Splunk Web by going to
http://<localhost:port>/en-US/debug/refresh.

For more information about the best practices for add-ons, see:

Troubleshoot validation for app precertification

If the validation process hangs during app precertification, the App Certification server might not be responding.

To troubleshoot the source of the problem, run the following search command:

index=_internal source=*validation.log

Then, if you see results such as the entry below, the problem is with the App Certification server:

2016-09-13 12:48:45,761 DEBUG pid=43871 tid=Thread-1 file=app_cert.py:run:43 | Waiting for App cert finished. Sleep 10 seconds.

Click Stop at any time during the validation process if you think the process is not responding.

You can also switch to other tasks in Add-on Builder while validation is running. The validation process will continue to run in the background until the process has completed or you restart Splunk Enterprise.

Download the add-on package

Creating the installation package for an add-on includes packaging the props, transforms, tags, event types, lookups, modular inputs, setup screens, modular alerts, and prebuilt panels into a single new app and exporting it to a downloadable file.

If you have added or modified any files directly in the file system rather than using Add-on Builder, be sure you follow the recommendations in Modify files directly before you package your add-on.

splunkd must have OS-level access to all files that you manually copy to your add-on directory. splunkd permission is defined by the user running Splunk Enterprise. Insufficient access permission is indicated by a grayed-out Download Package button.

To download your add-on package file

  1. On your add-on homepage, click Validate & Package on the Add-on Builder navigation bar.
  2. Click Download Package to download the installation package for the add-on as an SPL file.
Last modified on 07 August, 2017
Create alert actions   Modify files directly

This documentation applies to the following versions of Splunk® Add-on Builder: 2.1.0, 2.1.1, 2.1.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters