Splunk® Add-on Builder

Splunk Add-on Builder User Guide

This documentation does not apply to the most recent version of Splunk® Add-on Builder. For documentation on the most recent version, go to the latest release.

Use the Splunk Add-on Builder

The Splunk Add-on Builder home page displays:

  • projects for add-ons created using the Splunk Add-on Builder
  • apps and add-ons that are already installed on your instance of Splunk Enterprise.

Add-on Builder project and meta data is editable and you can export projects to use on other instances of Add-on Buiilder.

Work with other apps and add-ons

You can work with apps and add-ons that are already installed on your instance of Splunk Enterprise, including apps and add-on that are not created using the Add-on Builder.

  • Validate & Package:
    • Validate the app or add-on against best practices and other rules and determine whether your app is ready for Splunk App Certification.
    • Download a package file for the app or add-on.
  • Configure data collection; Collect data from your source.
  • Manage Source Type: Create or import a source type and add sample data for the app or add-on.
  • Extract Fields: Parse the data in your source types to create field extractions for the app or add-on.
  • Map to Data Model: Map fields from the app or add-on to the data models.
  • Create Alert Actions: Create and configure Alert actions for the app or add-on.

If an existing app or add-on has configuration files in the app's /default directory, Add-on Builder prompts you to let Add-on Builder move these configuration files to the app's /local directory and merge them with any existing configuration files. Typically these configuration files include props.conf, eventtypes.conf, and tags.conf, which are used for data model mapping.


Use Add-on Builder to work with other apps and add-ons

  1. On the Splunk Add-on Builder home page, click the Other apps and add-ons tab.
  2. On the app or add-on, click the link for the activity you want: Validate & Package, Manage Source Type, Manage Source Type, Extract Fields, Map to Data Model or Create Alert Actions.
Last modified on 13 July, 2021
 

This documentation applies to the following versions of Splunk® Add-on Builder: 4.0.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters