Splunk® Add-on Builder

Splunk Add-on Builder User Guide

This documentation does not apply to the most recent version of Splunk® Add-on Builder. For documentation on the most recent version, go to the latest release.

About the Splunk Add-on Builder

The Splunk Add-on Builder helps you build and validate add-ons for your Splunk platform deployment. The Splunk Add-on Builder is ideal for:

  • Splunk admins who would like to onboard additional data into the Splunk platform.
  • Developers who are looking for a tool to help them build and validate a Splunk add-on.

How an add-on helps you use the Splunk platform

An add-on is a reusable Splunk component that you build to perform a function in your Splunk deployment, such as getting a unique set of system data in and out of the Splunk software.

Add-ons can include any combination of:

  • custom configurations
  • scripts
  • data inputs
  • custom reports or views
  • themes that can change the look and feel of the Splunk platform.

Your add-on can be used in multiple apps, suites, or solutions.

Specialized add-ons help to collect, transform, and normalize data feeds from specific sources in your environment. Specialized add-ons are often referred to as Technology Add-ons, and can include some of the following functions:

  • Knowledge management components that make the data easy to use. Examples include field extractions, transforms, and lookups,
  • Knowledge mapping components that normalize the data to the Common Information Model. Examples include event types and tags.
  • Configurations and/or tools that gather data from a source.

For more about apps and add-ons, see Develop Splunk Apps on the Splunk Developer Portal.

How the Splunk Add-on Builder can help you

The Splunk Add-on Builder guides you through the process of creating an add-on. The goals of the Splunk Add-on Builder are to:

  • Guide you through all of the necessary steps of creating an add-on
  • Build alert actions and adaptive response actions for Splunk Enterprise Security
  • Reduce development and testing time
  • Follow best practices and naming conventions
  • Maintain CIM compliance
  • Maintain quality of add-ons
  • Validate and test the add-on, helping you to check for certification readiness and to identify any limitations such as compatibilities and dependencies
  • Maintain a consistent look and facilitate branding
  • Package the add-on and helps you get ready to submit it for certification
Last modified on 18 February, 2022
  Learn more and get help

This documentation applies to the following versions of Splunk® Add-on Builder: 4.1.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters