You can extend Splunk in several ways: with the Splunk SDKs, the Splunk REST API, and custom search commands.
Splunk provides several SDKs that you can use to write applications in numerous programming languages that access the Splunk REST API. The Splunk Developer Portal provides details about the available SDKs plus documentation on how to build applications using the SDKs. The following SDKs are available:
- Splunk SDK for Python
- Splunk SDK for Java
- Splunk SDK for PHP
- Splunk SDK for Ruby
- Splunk SDK for C#
Splunk REST API
You can use the Splunk REST API to run searches or manage Splunk configurations and objects without accessing Splunk through Splunk Web.
Custom search commands
Splunk ships with a wide variety of search commands. However, you may want to build your own custom search command to parse and present data in a new way. Writing custom search commands requires a moderate understanding of Python.
- Note: Search commands are not recursive -- they only act on the data they receive back from the search.
This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18