Splunk Tutorial 03 : What is Splunkbase?

What is Splunkbase?

 

Inside Splunk, there is a lot of apps you can download to extend the functionality your Splunk application.  Splunkbase is a platform that allowing us to download those apps.

Apps that are built by plunk will have a “Splunk Buit”Logo while apps that are certified by Splunk will have the “Splunk Certified” Logo.

However, there is other apps that may not have passed the Splunk Certification but they have also very useful.

 

How to download a Splunk App?

 

Suppose we want to download an app called “Splunk Dashboard Examples”. Following is the steps:

1. Goto https://splunkbase.splunk.com
1. Goto https://splunkbase.splunk.com
2. Login Splunkbase using your Splunk account login.
2. Login Splunkbase using your Splunk account login.
3. Search for "Splunk Dashboard Examples" from the search box
3. Search for “Splunk Dashboard Examples” from the search box
4. This is the Detail of the Splunk App
4. This is the Detail of the Splunk App

This detail page indicated this app is built by Splunk, and also provide a brief overview regarding to this Splunk App.

 

5. Click "Download"
5. Click “Download”
6. Accept the License Agreements
6. Accept the License Agreements
7. Goto your local Splunk page
7. Goto your local Splunk page
8. Click "Manage App"
8. Click “Manage App”
9. This will list all Apps currently installed in your splunk
9. This will list all Apps currently installed in your splunk

 

Following table listed the meaning of each columns

[vtftable cols=”{0}0-1:d9d9d9;{/}”]
Column Name;;;Definition;nn;
Name;;;Name of the Splunk App;nn;
Folder Name;;;Where is the app stored in the Splunk server;nn;
Version;;;Version number of the app;nn;
Update Checking;;;Would the server check for any new version of the Splunk App;nn;
Visible;;;). Mot of the apps will have a user interface. However, it is not mandatory.;nn;
Sharing;;;Sharing permissions for this app;nn;
Status;;;Status of current app;nn;
Actions;;;Actions can do in this page for the app;nn;
[/vtftable]

 

10. Click Install app from file
10. Click Install app from file
11. Click "Choose File"
11. Click “Choose File”
12. Select the downloaded file . click auto update and "Install"
12. Select the downloaded file . click auto update and “Install”
13 The new app is now available from the Splink Enterprise
13 The new app is now available from the Splink Enterprise
14. Click "Splunk> enterprise"
14. Click “Splunk> enterprise”
15. Click "Splunk Dashboard Examples" to access to the app
15. Click “Splunk Dashboard Examples” to access to the app

 

16. The "Splunk Dashboard Examples"
16. The “Splunk Dashboard Examples”

 

 

What is a Splunk Apps?

 

Basically a Splunk Apps is simply a set of related config files. A config file is a text file.

 

Let’s have a look those underneath config files for the “Splunk Dashboard Examples” Splunk App.

As indicated from from step 10, the app is stored under folder “Simple_xml_examples”

13 The new app is now available from the Splink Enterprise

 

Following is the full path to this Splunk App:

C:\Program Files\Splunk\etc\apps\simple_xml_examples\

This can be variant depends of where is the Splunk server being installed.

Goto the “default” folder.

Go to the default folder
Go to the default folder and use notepad or other text editor to open one of the config file.

 

content of the config file
content of the config file

 

Cost for a Splunk App?

Most Splunk Apps are free, but there is also a few premium apps which you will need a licenses.

Who Develop Splunk Apps?

The answer is very variant, it can be Splunk them-self, Software vendor etc.

What is Add-on?

You may come across with the term Add-on. Add-ons are simply are subsets of an app. It is for specify data collection. It don’t have GUI because they are part of the larger app.

Leave a Comment