Splunk® Enterprise

Admin Manual

Download manual as PDF

Download topic as PDF

Apps and add-ons

Apps and add-ons allow you to extend the functionality of the Splunk platform.

App

An app is an application that runs on the Splunk platform. Apps are designed to analyze and display knowledge around a specific data source or data set.

An app might include any or all of the following configurations:

  • Dashboards and supporting searches that integrate knowledge of the data source and structure.
  • Authentication management and other data source management interfaces.
  • An app might require the use of one or more add-ons to facilitate the collection or configuration of data.

Some apps are free and a few are paid. Examples of free apps include: Splunk App for Microsoft Exchange, Splunk App for AWS, and Splunk DB Connect.

Add-on

An add-on provide specific capabilities to assist in gathering, normalizing, and enriching data sources.

An add-on might include any or all of the following configurations:

  • Data source input configurations.
  • Data parsing and transformation configurations to structure the data for Splunk Enterprise.
  • Lookup files for data enrichment.
  • Supporting knowledge objects.

Examples include: Splunk Add-on for Checkpoint OPSEC LEA, Splunk Add-on for Box, and Splunk Add-on for McAfee.

App and add-on support

Anyone can develop an app or add-on for Splunk software. Splunk and members of our community create apps and add-ons and share them with other users of Splunk software on the online app marketplace Splunkbase. Splunk does not support all apps and add-ons on Splunkbase.

  • For a list of the support options for apps and add-ons, see App support types in the Working with Splunkbase manual.
  • For guidance on developing apps, see dev.splunk.com
Last modified on 06 July, 2020
PREVIOUS
KV store troubleshooting tools
  NEXT
Search and Reporting app

This documentation applies to the following versions of Splunk® Enterprise: 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters