Splunk Developer's Guide - Second Edition
eBook - ePub

Splunk Developer's Guide - Second Edition

Kyle Smith

Share book
  1. 190 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Splunk Developer's Guide - Second Edition

Kyle Smith

Book details
Book preview
Table of contents
Citations

About This Book

Learn the A to Z of building excellent Splunk applications with the latest techniques using this comprehensive guideAbout This Book• This is the most up-to-date book on Splunk 6.3 for developers• Get ahead of being just a Splunk user and start creating custom Splunk applications as per your needs• Your one-stop-solution to Splunk application developmentWho This Book Is ForThis book is for those who have some familiarity with Splunk and now want to learn how to develop an efficient Splunk application. Previous experience with Splunk, writing searches, and designing basic dashboards is expected.What You Will Learn• Implement a Modular Input and a custom D3 data visualization• Create a directory structure and set view permissions• Create a search view and a dashboard view using advanced XML modules• Enhance your application using eventtypes, tags, and macros• Package a Splunk application using best practices• Publish a Splunk application to the Splunk communityIn DetailSplunk provides a platform that allows you to search data stored on a machine, analyze it, and visualize the analyzed data to make informed decisions. The adoption of Splunk in enterprises is huge, and it has a wide range of customers right from Adobe to Dominos. Using the Splunk platform as a user is one thing, but customizing this platform and creating applications specific to your needs takes more than basic knowledge of the platform.This book will dive into developing Splunk applications that cater to your needs of making sense of data and will let you visualize this data with the help of stunning dashboards.This book includes everything on developing a full-fledged Splunk application right from designing to implementing to publishing. We will design the fundamentals to build a Splunk application and then move on to creating one. During the course of the book, we will cover application data, objects, permissions, and more. After this, we will show you how to enhance the application, including branding, workflows, and enriched data. Views, dashboards, and web frameworks are also covered.This book will showcase everything new in the latest version of Splunk including the latest data models, alert actions, XML forms, various dashboard enhancements, and visualization options (with D3). Finally, we take a look at the latest Splunk cloud applications, advanced integrations, and development as per the latest release.Style and approachThis book is an easy-to-follow guide with lots of tips and tricks to help you master all the concepts necessary to develop and deploy your Splunk applications.

Frequently asked questions

How do I cancel my subscription?
Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Splunk Developer's Guide - Second Edition an online PDF/ePUB?
Yes, you can access Splunk Developer's Guide - Second Edition by Kyle Smith in PDF and/or ePUB format, as well as other popular books in Computer Science & Data Processing. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Packt Publishing
Year
2016
ISBN
9781785883552
Edition
2
Topic
Computer Science
Subtopic
Data Processing
Index
Computer Science

Splunk Developer's Guide Second Edition

Table of Contents

Splunk Developer's Guide Second Edition
Credits
About the Author
About the Reviewer
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Instant updates on new Packt books
Preface
Overview of what this book isn't
What this book is
Assumptions
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Application Design Fundamentals
What is a Splunk application?
Why applications?
Definitions
Designing the App
Identifying the use case
Identifying what you want to consume
Identifying what you want to brand
Identifying what you want to display
Installing Apps
Splunk Web
The Splunk command line
Unzipping using the command line
Summary
2. Creating Applications
A brief clarification
Methods of creating applications
GUI
CLI
FreeForm
Basic application structure
appserver
bin
default
local
lookups
metadata
static
Application data
Indexes
Source types
Sources
Available Splunk knowledge objects
Macros
Event types
Tags
Saved searches
Dashboards
Lookups
Configurations
Object permissions
The setup screen
The endpoint
The setup file
Summary
3. Enhancing Applications
Workflows
Custom alert actions
Enriched data
Event types
Tags
Macros
Lookups
Common Information Model
Branding your App
Logos
Navigation
CSS
JavaScript
Acceleration
Summary indexing
Accelerated reports
Summary
4. Basic Views and Dashboards
Knowing your data
Available modules
SimpleXML dashboard
SimpleXML forms
Custom JavaScript, CSS, and Tokens
HTML dashboards
Summary
5. The Splunk Web Framework
The HTML dashboard
SplunkJS Stack
Search-related modules
SearchManager
SavedSearchManager
PostProcessManager
View-related modules
ChartView
The different types of ChartView
Area
Bar
Column
Filler gauge
Line
Marker gauge
Pie chart
Radial gauge
Scatter
Display-related modules
CheckboxView
CheckboxGroupView
DropdownView
EventsViewerView
FooterView
HeaderView
MultiDropdownView
RadioGroupView
SearchBarView
SearchControlsView
SimpleSplunkView
SingleView
MapElement
TableView
TextInputView
TimeRangeView
TimelineView
Tokenization
Customizing Splunk dashboards using CSS
Customizing Splunk dashboards using JavaScript
Custom D3 visualization
External data and content
Data
Content
Summary
6. Advanced Integrations and Development
Modular D3 visualization
Modular inputs
The spec file
Testing modular inputs
Configuring modular inputs
The App Key Value Store
When would you use the KV Store?
Configuring the KV Store
Data models
Version control and package managers
npm
Bower
Gulp
Git
Tying them all together
Summary
7. Packaging Applications
Naming guidelines
Dos and don'ts
Packaging the App
The App packaging checklist
Summary
8. Publishing Applications
Self-hosting your App
Splunkbase
Certified Applications
Splunk Cloud applications
Community
Answers
dev.splunk.com
Internet Relay Chat
Wiki
User groups
The SplunkTrust
Summary
Index

Splunk Developer's Guide Second Edition

Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: May 2015
Second edition: January 2016
Production reference: 1190116
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78588-237-1
www.packtpub.com

Credits

Author
Kyle Smith
Reviewer
Marco Scala
Commissioning Editor
Veena Pagare
Acquisition Editor
Vinay Argekar
Content Development Editor
Amey Varangaonkar
Technical Editor
Taabish Khan
Copy Editor
Trishya Hajare
Project Coordinator
Suzanne Coutinho
Proofreader
Safis Editing
Indexer
Hemangini Bari
Graphics
Abhinash Sahu
Production Coordinator
Shantanu N. Zagade
Cover Work
Shantanu N. Zagade

About the Author

Kyle Smith is a self-proclaimed geek and has been working with Splunk extensively since 2010. He enjoys integrating Splunk with new sources of data and types of visualization. He has spoken numerous times at the Splunk User Conference (most recently in 2014 on Lesser Known Search Commands) and is an active contributor to the Splunk Answers community and also to the #splunk IRC channel. He was awarded membership into the SplunkTrust as a founding member. He has published several Splunk Apps and add-ons to Splunkbase, the Splunk community's premier Apps and add-ons platform. He has worked in both higher education and private industry; he is currently working as an integration developer for Splunk's longest running professional services partner. He lives in central Pennsylvania with his family.
I'd like to thank my wife who most graciously put up with all my BS during the writing of this book. Without her, this effort is meaningless.

About the Reviewer

Marco Scala has been working for more than 15 years delivering solutions to large enterprise customers, first in the APM and J2EE fields and, since 2009, in the fields of operational intelligence and Splunk. He has provided consultancy for big Splunk installations for major customers, focusing on the best and most effective solutions for each different customer's needs. Since 2012, he's also a certified Splunk trainer.
In the last few years, Marco's major focus has been to get Splunk customers to gain the maximum value from their IT data and provide the business a better view and insight. Big Data is another major field of interest, and his next challenge is using Splunk ...

Table of contents