Databases Reference
In-Depth Information
Working with Apps
In this chapter, we will explore what makes up a Splunk app. We will:
• Inspect included apps
• Install apps from Splunkbase
• Build our own app
• Customize app navigation
• Customize app look and feel
Defining an app
In the strictest sense, an
app
is a directory of configurations and, sometimes, code.
The directories and files inside have a particular naming convention and structure.
All configurations are in plain text, and can be edited using your choice of text editor.
Apps generally serve one or more of the following purposes:
1.
A container for searches, dashboards, and related configurations:
: This
is what most users will do with apps. This is not only useful for logical
grouping, but also for limiting what configurations are applied and at
what time. This kind of app usually does not affect other apps.
2.
Providing extra functionality
: Many objects can be provided in an app
for use by other apps. These include field extractions, lookups, external
commands, saved searches, workflow actions, and even dashboards.
These apps often have no user interface at all; instead they add
functionality to other apps.
Search WWH ::
Custom Search