Splunk® Enterprise

Admin Manual

Acrobat logo Download manual as PDF


Splunk Enterprise version 8.2 is no longer supported as of September 30, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
Acrobat logo Download topic as PDF

Apps and add-ons

Apps and add-ons allow you to extend the functionality of the Splunk platform.

App

An app is an application that runs on the Splunk platform. Apps are designed to analyze and display knowledge around a specific data source or data set.

An app might include any or all of the following configurations:

  • Dashboards and supporting searches that integrate knowledge of the data source and structure.
  • Authentication management and other data source management interfaces.
  • An app might require the use of one or more add-ons to facilitate the collection or configuration of data.

Some apps are free and a few are paid. Examples of free apps include: Splunk App for Microsoft Exchange, Splunk App for AWS, and Splunk DB Connect.

Store your apps on a fast, local disk, not on network file system (NFS). Loading apps on NFS can become a performance bottleneck.

Add-on

An add-on provide specific capabilities to assist in gathering, normalizing, and enriching data sources.

An add-on might include any or all of the following configurations:

  • Data source input configurations.
  • Data parsing and transformation configurations to structure the data for Splunk Enterprise.
  • Lookup files for data enrichment.
  • Supporting knowledge objects.

Examples include: Splunk Add-on for Checkpoint OPSEC LEA, Splunk Add-on for Box, and Splunk Add-on for McAfee.

App and add-on support

Anyone can develop an app or add-on for Splunk software. Splunk and members of our community create apps and add-ons and share them with other users of Splunk software on the online app marketplace Splunkbase. Splunk does not support all apps and add-ons on Splunkbase.

Last modified on 14 December, 2023
PREVIOUS
KV store troubleshooting tools
  NEXT
Search and Reporting app

This documentation applies to the following versions of Splunk® Enterprise: 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.2.0


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters