There are several ways you can extend Splunk using the Splunk SDKs, the Splunk REST API, and custom search commands.
Splunk provides a growing list of SDKs that you can use to write applications in third-party software that access the Splunk REST API. Splunk for Developers, the Splunk developer portal, provides details on the available SDKs plus documentation on how to build applications using the SDKs. The SDKs that are currently available include:
- Python SDK
- Java SDK
Splunk REST API
You can use the Splunk REST API to run searches or manage Splunk configurations and objects without accessing Splunk through Splunk Web.
Custom search commands
Splunk ships with a wide variety of search commands. However, you may want to build your own custom search command to parse and present data in a new way. Writing custom search commands requires a moderate understanding of Python.
- Note: Search commands are not recursive -- they only act on the data they receive back from the search.
This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7