Splunk® Add-on Builder

Splunk Add-on Builder User Guide

This documentation does not apply to the most recent version of Splunk® Add-on Builder. For documentation on the most recent version, go to the latest release.

Validate and package

In Validate & Package:

  • Validate your add-on for best practices and Splunk App Certification, and test your data inputs, field extractions, and data model mappings. The Splunk Add-on Builder shows you any errors or warnings, along with recommendations about how to address them.
  • Download your add-on package as an SPL file. The SPL format is identical to the tar archive format, but uses the .spl extension rather than .tar.gz.

Validate the add-on

You can select from the following types of validation to perform on your add-on:

  • Best Practices
  • Data Model Mapping
  • Field Extraction

To validate your add-on

  1. On your add-on homepage, click Validate & Package on the Add-on Builder navigation bar.
  2. Click Validate to run the validation and display the results.

Overall Health Report: This report displays a health validation score based on the errors, warnings, and failed rules. If you are validating for app precertification, this section also lets you know whether your app is ready to be submitted to Splunk App Certification.

This health score is valid in a local environment. The score could be different for the same add-on if the add-on were validated in other environments or at different times due to differences in global knowledge management and differences in indexed data. Use the health score as a subjective indicator about the overall quality of your add-on.

Error: The total number of errors that were found.
Warning: The total number of warnings that were found.
Pass: The number of rules that your add-on passed.
Validation result distribution: A chart displaying the breakdown of the validation results.
Validation Rule Details: A list of all the validation rules, with details about the validation category, a description of the rule, and a suggested solution to fix the problem for rules that your add-on did not pass.

Sometimes the suggested remedy is to directly edit a configuration file (.conf). The configuration files for your app are located in $SPLUNK_HOME/etc/apps/TA_your_addon_name, and you can edit them in a text editor. After you save changes to the file, refresh Splunk Web by going to

For more information about the best practices for add-ons, see:

Download the add-on package

Creating the installation package for an add-on includes packaging the props, transforms, tags, event types, lookups, modular inputs, setup screens, modular alerts, and prebuilt panels into a single new app and exporting it to a downloadable file.

If you have added or modified any files directly in the file system rather than using Add-on Builder, be sure you follow the recommendations in Modify files directly before you package your add-on.

splunkd must have OS-level access to all files that you manually copy to your add-on directory. splunkd permission is defined by the user running Splunk Enterprise. Insufficient access permission is indicated by a grayed-out Download Package button.
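
To locate manually copied files that the account running splunkd cannot read, the following added example (not part of the Splunk documentation or of Add-on Builder) evaluates owner/group/other mode bits under an add-on directory for a given uid and set of gids. The sample tree, its file names, and the uid used in the demo are constructed; POSIX ACLs are not evaluated.

```python
import os
import stat
import tempfile

def can_access(st, uid, gids, need):
    """Check owner/group/other mode bits; need is 4 (read file) or 5 (list and enter dir)."""
    if uid == 0:
        return True  # root bypasses read and search checks
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & need == need

def find_inaccessible(addon_dir, uid, gids):
    """Relative paths under addon_dir that the given account cannot read."""
    problems = []
    for root, dirs, files in os.walk(addon_dir):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # symlinks are not followed
            need = 5 if stat.S_ISDIR(st.st_mode) else 4
            if not can_access(st, uid, gids, need):
                problems.append(os.path.relpath(path, addon_dir))
    return sorted(problems)

def build_sample_addon():
    """Constructed tree standing in for $SPLUNK_HOME/etc/apps/TA_your_addon_name."""
    base = tempfile.mkdtemp(prefix="TA_sample_")
    layout = {"default/props.conf": 0o644,   # readable by everyone
              "bin/collector.py": 0o600,     # copied in by hand, owner-only
              "lookups/codes.csv": 0o644}    # readable file inside a locked directory
    for rel, mode in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
    for d, mode in (("default", 0o755), ("bin", 0o755), ("lookups", 0o700)):
        os.chmod(os.path.join(base, d), mode)
    return base

if __name__ == "__main__":
    uid = os.getuid() + 1000  # constructed uid standing in for the splunkd account
    for rel in find_inaccessible(build_sample_addon(), uid, set()):
        print("not accessible to splunkd account:", rel)
```

Run it against the real add-on directory with the uid and group ids of the user that runs Splunk Enterprise. A directory that is reported hides everything beneath it from that account, even when the files inside carry permissive modes.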

To download your add-on package file

  1. On your add-on homepage, click Validate & Package on the Add-on Builder navigation bar.
  2. Click Download Package to download the installation package for the add-on as an SPL file.
Last modified on 29 September, 2023

This documentation applies to the following versions of Splunk® Add-on Builder: 4.1.4, 4.1.5
