Course Content
This 9-hour course focuses on Splunk app and add-on development. It's designed for application developers who want to create new apps for Splunk Enterprise and Splunk Cloud. Major topics include planning apps, building a data generator, creating custom search commands and REST endpoints, app packaging and deployment, and more.
Who should attend
Advanced Splunk users, administrators, and developers.
Prerequisites
To be successful, students should have a solid understanding of the following:
- Splunk system administration
- Splunk data administration
- Python or a similar scripting language
Course Objectives
- Plan, build, and manage Splunk apps
- Create a data generator
- Develop a custom search command
- Extend the Splunk REST API
- Construct a workflow action
- Validate an app with AppInspect
- Package and deploy an app
Outline: Building Splunk Classic Apps (BAWS)
Topic 1 – Planning Apps
- Describe apps and add-ons
- Set up a development environment
- Improve app performance
- Use security best practices
Topic 2 – Adding Data
- List types of data inputs
- Explain modular vs scripted inputs
- Review types of knowledge objects
- Create a data generator
Topic 3 – Creating Apps
- Create a basic app
- Configure app properties
- Identify app components
- Manage apps and add-ons
Topic 4 – Custom Search Commands
- Identify search command types
- Create a search command
- Examine Splunk metadata
- Configure access control
Topic 5 – Custom REST Endpoints
- Identify REST handler types
- Create a REST endpoint
- Examine Splunk metadata
- Configure access control
Topic 6 – Custom Workflow Actions
- Identify workflow action types
- Create a workflow action
- Examine workflow action parameters
- Configure access control
Topic 7 – Packaging Apps
- Create an app setup page
- Explain config file precedence
- Use AppInspect to validate an app
- Produce a deployable app