Splunk® Add-on Builder

Splunk Add-on Builder User Guide

A framework for add-on development

This is an open source framework and it is supported by Splunk Technical Add-Ons engineering team.

About UCC

Universal Configuration Console (UCC) is a framework that simplifies the process of add-on creation for developers. You can use UCC to generate UI-based Splunk add-ons. UCC includes UI, REST handlers, modular inputs, OAuth, and alert action templates.

The UCC framework helps you to maintain consistency and a uniform look and feel across different add-ons. You can easily update and modify your add-ons.

To work with the UCC framework, you can also use Splunk Extension. It helps you to create, test, and debug the add-ons in a simple way. For more information, see Visual Studio Code Extension for Splunk.

To see how UCC can be used in an add-on, see Example TA.

To learn more, see Managing Splunk Add-Ons with UCC Framework.

Libraries

UCC-based add-ons are powered by the following Splunk libraries:

For more information, see UCC-related libraries.

Some specific Python libraries (such as google-cloud-bigquery) use .so files to operate. pip installs OS-specific versions of those .so files, which makes it impossible to use such add-ons on a Windows machine because it was built for macOS.

What UCC generates

When you use UCC to create an add-on, the following elements are generated and stored in the appropriate folders:

  • UI is stored in the appserver folder,
  • Python REST handlers that support UI CRUD operations are stored in the bin folder,
  • inputs and their helper modules. For more information, see Inputs and Helper modules,
  • OpenAPI description documents are stored in the appserver/static/openapi.json file. For more information, see OpenAPI description document,
  • .conf files. For more information, see .conf files,
  • Python requirements are installed in the lib folder,
  • metadata files are stored in the metadata folder,
  • the monitoring dashboard. For more information, see Dashboard,
  • the necessary files defined for the alert action, if you defined the alert action in the globalConfig file. For more information, see Alert actions.

You can extend your add-ons with the following files:

  • to extend the UI, use custom codes. For more information, see Custom hook.
  • to extend the build process, use the additional_packaging.py file. For more information, see additional_packaging.py file.
Last modified on 04 January, 2025
Validate and package   Use the UCC framework

This documentation applies to the following versions of Splunk® Add-on Builder: 4.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters