Extend Splunk Enterprise
You can extend Splunk Enterprise in several ways: with the Splunk SDKs, the Splunk Enterprise REST API, and custom search commands.
The Splunk SDKs let you write applications in numerous programming languages that access the Splunk Enterprise REST API. The Splunk Developer Portal provides details about the available SDKs plus documentation on how to build applications using the SDKs. The following SDKs are available:
- Splunk SDK for Python
- Splunk SDK for Java
- Splunk SDK for PHP
- Splunk SDK for Ruby
- Splunk SDK for C#
Splunk Enterprise REST API
You can use the Splunk Enterprise REST API to run searches or manage Splunk Enterprise configurations and objects without accessing Splunk Enterprise through Splunk Web.
Custom search commands
Splunk Enterprise ships with a wide variety of search commands. However, you may want to build your own custom search command to parse and present data in a new way. Writing custom search commands requires a moderate understanding of Python.
- Note: Search commands are not recursive -- they only act on the data they receive back from the search.
This documentation applies to the following versions of Splunk® Enterprise: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15