Database Reference
In-Depth Information
Apps versus add-ons
Splunk differentiates between applications and add-ons:
• A Splunk app includes Splunk features, such as saved searches, reports, and dash-
boards that are built into a new graphic user interface. Many different apps (383 as
of late 2014) have been developed by companies and users.
• Splunk add-ons are also numerous. Their main purpose is to provide a way to
format events, including how to break data into events, how to pull out the host-
name, and how to rename the sourcetypes, along with how to define field extrac-
tions. They can have several distinguishing features:
◦ They are generally smaller than an app
◦ They don't have their own GUI
◦ They may require extra configuration to work with Splunk
There are also a few suites for Splunk that can be either apps or add-ons. These are usually
larger, integrated sets of apps that are designed, supported, and installed by Splunk or a
company.
The following list shows the other ways you can search apps and add-ons:
• By category (which will be discussed next)
• By support (either the Community or Splunk itself)
• By compatibility with the version of Splunk
• By Common Information Model
• By platform (Linux, Windows, FreeBSD, Solaris, AIX, OSX, HP-UX, and other
platforms)
