In version 5.0, Splunk introduces Modular Inputs. Modular Inputs allows you to extend the Splunk framework to define a custom input capability. Splunk treats your custom input definitions as if they were part of Splunk's native inputs. From a Splunk Web perspective, your users interactively create and update your custom inputs using Splunk manager, just as they do for Splunk native inputs.
To implement Modular Inputs, you specify a custom input stream and Splunk configuration specifications. You create a configuration file specification that Splunk then uses to handle the custom inputs in the Splunk framework.Your newly defined inputs are then treated just as if they were a native input stream. You package your modular inputs as an app in a Splunk deployment or you can distribute them as a Splunk app in Splunkbase.
Modular inputs provide the following features:
- Splunk Web automatically provides UI access to your custom defined inputs
- You can create, configure, and access the inputs using Splunk REST API endpoints.
- You can define runtime behavior for your scripts, such as whether to launch a single instance or multiple instances.
For more information, refer to Modular Inputs topic in this manual.
Custom search commands
This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18