SPLK-1002 Splunk Core Certified Power User – Splunk Apps And Add-On’s Part 3


  1. Creating your Own Splunk App

Now that we have learned how to manage apps and add-ons in Splunk, that is, installing, deleting and disabling add-ons and apps on your Splunk instance, let us see how we can create our own apps in Splunk. We’ll be learning how to create apps for your internal teams, or for your work on some new technology or new logic that seems to have enough value that you are willing to share it with other people in the community.

You can package this as an app and submit it to the Splunkbase portal, where you might get a chance to get 50 GB of data once your app is approved. In this video we’ll be going through the steps that are required for creating your own apps and how you can customize your own app for different visualizations and other things.

Some of the steps we’ll be seeing are an example of creating a sample app, that is, what a typical app looks like in Splunk and what its directory structure is. As part of our tutorial we’ll be creating a demo app, installing it on a search head and validating all the customizations and configurations that are part of that app. Also, when we talk about a Splunk application, it is not like a Java, Python or PHP application, where coding knowledge is required to create the application. No, a Splunk application is a set of simple configuration files.

Sometimes it might include JavaScript and CSS, but these are purely for your dashboard visualization. A Splunk application is almost always a set of Splunk configuration files, that is, inputs, outputs, your visualizations (XML files), props and transforms. This is the basic requirement. Sometimes you might also need scripts, that is, Python or Perl scripts, in order to take some actions based on this visualization.

So don’t get scared when somebody says you need to create an application in Splunk. It doesn’t require anything like PHP, Java or .NET knowledge. In order to create a Splunk application, all you need to know is the configuration files of Splunk. Then we will see how we can organize these configuration files in order to create our own application.

  1. Creating your Own Splunk App using Linux CLI

In this video we’ll be creating an app named demo. We’ll see how we can create the app in our lab, that is, on our Splunk search head on AWS. This is our Splunk search head. The first step in creating an app in Splunk is to go to the etc/apps directory of Splunk. By now I think everybody knows where etc/apps is located. Once you are inside etc/apps, if you list the files in that directory you will see an app called sample_app. The first step in creating your own app is to copy this sample app. I’m using the simple copy command of Linux, that is, recursively copying all the files under this app into a new location. That is our new app. I’ll name it splunk demo app.

This is our newly created app. This is nothing but a skeleton on top of which you can build your own apps. Once you enter this directory you will see a normal directory structure, which is the minimum. For any application in Splunk you need metadata, that is, basic information like the version, the author and who has privileges for this application, and also the logs which are generated as part of this application. The default directory is where all the Splunk-related configuration will go, and appserver is where the static content of your application goes, that is, CSS, JavaScript, HTML files and images. We’ll see what is under default.

Under default you’ll be able to see some default files for the application. As you can see, there is an app.conf, which is very important for enabling your application because by default its state is disabled. I’ll edit our app.conf and set state equal to enabled. You can use any text editor for editing these files. I’ll be using vi. As you already know by now, throughout our implementation of Splunk in Amazon AWS with multisite clustering and high availability, we’ll be using the vi editor. You can use any other editor you wish. You might download this configuration to your local machine, modify it using Notepad++ and upload it to the server.

It is completely up to you. Use whichever you feel comfortable with. I’ll give the name as Splunk. com so that it will be displaying Splunk. com for my app. We’ll see where this will be displayed, and I’ll set is visible equal to true for this app. Once this file is edited, just make sure it contains all the edited values, that is, state is enabled, it is visible, and the label for this application. Let us go ahead and restart our Splunk instance.

So to summarize, we have not done anything major. We just copied the sample app and renamed it to our app, and once we were inside we went under default and changed app.conf to set the state to enabled, is visible to true, and a sample label.
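The copy-and-edit steps summarized above, as an added example that is not from the course. It runs against a constructed stand-in for the Splunk home directory; the app name `splunk_demo`, the label and the skeleton's `app.conf` contents are assumptions.

```bash
# Added example, not course code: runs against a constructed stand-in for $SPLUNK_HOME.
set -eu

# Constructed skeleton standing in for etc/apps/sample_app (contents assumed)
make_mock_home() {
  home=$(mktemp -d)
  mkdir -p "$home/etc/apps/sample_app/default" "$home/etc/apps/sample_app/metadata"
  cat > "$home/etc/apps/sample_app/default/app.conf" <<'EOF'
[install]
state = disabled

[ui]
is_visible = false
label = sample_app
EOF
  printf '%s\n' "$home"
}

# create_app HOME NAME LABEL: copy the skeleton, then enable, show and label it
create_app() {
  apps="$1/etc/apps"; conf="$apps/$2/default/app.conf"
  # The name becomes a directory under etc/apps, so reject path characters
  case "$2" in ''|*[!A-Za-z0-9_-]*) echo "bad app name: $2" >&2; return 2;; esac
  [ -e "$apps/$2" ] && { echo "refusing to overwrite $apps/$2" >&2; return 1; }
  cp -r "$apps/sample_app" "$apps/$2"
  awk -v label="$3" '
    /^state *=/      { print "state = enabled"; next }
    /^is_visible *=/ { print "is_visible = true"; next }
    /^label *=/      { print "label = " label; next }
    { print }' "$conf" > "$conf.tmp"
  mv "$conf.tmp" "$conf"
}

# app_setting HOME NAME KEY: print the value of KEY from the app's app.conf
app_setting() {
  sed -n "s/^$3 *= *//p" "$1/etc/apps/$2/default/app.conf"
}

home=$(make_mock_home)
create_app "$home" splunk_demo "Demo App"
echo "state=$(app_setting "$home" splunk_demo state)"
# On a real instance the next step is: "$SPLUNK_HOME/bin/splunk" restart
```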

So let us restart Splunk. Before restarting, I’ll show you that, as of now, there are no apps installed on our Splunk search head. This is the search head. As you can see, we have only Search and Reporting, and we have just now installed our new app. Once we restart, we should be able to see our new app in this menu. Once it starts up, we’ll be able to see our newly created splunk demo app on our search head. It has successfully restarted. Let us log in again.

As you can see, we have our new app that is Splunk. com. This is the label we edited and if you click on this, you will get the basic navigational menu as part of the sample app component. As you can see, this is the basic visualization which comes as part of our sample app.

  1. Custom Navigation inside Apps : Part 1

Now we have understood more about creating your own application, how to make it visible, how to change the labels, and how the default view of your application looks. As we have all seen, this default view is not acceptable for a real-time enterprise application. Let us see how we can customize this ugly-looking navigation menu into something better looking and more flexible. To do that, we’ll be going through all of these items as part of this video: how to create a customized navigation, that is, with multiple menus and multiple submenus, how to rename a navigation menu, create a new one, delete one, and change the view of the app.

Let’s say that as soon as I enter the newly created app, I need to see a dashboard, not the default search view. We can also see how to achieve this and how we can edit these views from the GUI. So let us go straight into our lab. This is our newly created app, and we’ll go to the CLI in order to achieve this. This is our Splunk search head. I’m in my home directory, so I’ll go to Splunk’s etc/apps, because this is where we’ll be dealing with all the apps that are newly created.

We’ll go to our newly created app, that is, splunk demo, and we’ll create a local directory, because this is where all our configuration will be placed. There is no local directory, so I’ll go ahead and create one. Once created, this is where you’re going to put all your configuration related to this application, whether it is props, transforms, visualization or anything else related to it. It’s always a good practice to edit the configuration under the app’s local directory.

In order to create your custom navigation in Splunk, you need a file called default.xml; whenever an application loads, its navigation is taken from this file. We can generate this default.xml on our own or copy it from an existing location. For this example of creating a custom navigation, we will be using the search application, that is, the Search and Reporting application’s navigation menu, which comes with five default options: search, reports, alerts, dashboards and data sets.

We’ll be using this navigation menu as the basis for customizing the navigation of our newly created app, so when we customize it, this application will look almost the same as this navigation menu. We’ll see how we can achieve this. In order to do that, we need the default.xml from the search application, so let us copy it. It will be under /opt/splunk/etc/apps. This is our default application, search. I’ll go to its default directory. The file is at data/ui/nav/default.xml. This is the file that we need in order to customize our navigation.

As you can see, we have placed it under the local directory of our newly created app. But the directory structure should be the same as in the search app, that is, data, ui and nav (the navigation directory). So let us go ahead and create the required directory structure. We have created data. The next one is ui. The last one will be nav. Once you have created this, make sure you copy the file into this directory.

  1. Custom Navigation inside Apps : Part 2

This should be it. Let us go ahead and restart our Splunk instance so that our new changes to the visualization take effect. Splunk is up. Once we log in, you should be able to see the new changes reflected. As you can see, during startup there were again no errors reported, which suggests our syntax was right. As part of our configuration changes, let us look at our newly created app. As you can see, there are two menus created.

The labels are displayed as none. I think that is because of the capital L; it is actually a small l. Let us quickly restart our Splunk. Instead of completely restarting Splunk, you can just restart Splunk B. We’ll be seeing this in almost the last part of our tutorials, where you’ll learn the quick tricks and hacks in Splunk which will be very useful in your day-to-day operation. Now it has restarted. We got the collection labels that we have defined, that is, Collection One, which holds Data sets and Reports, and similarly Collection Two, which holds Alerts and Dashboards.

As part of our previous tutorials, we have created a couple of dashboards, that is, demo drill down and other dashboards with inbuilt visualizations. These were part of previous videos. Now let us see how we can add this demo dashboard to our menu, so that as soon as I click on that link I am able to see this demo dashboard. This is the demo dashboard that we created as part of our previous videos.

Now we will see how to make this a quick link in our navigation menu. In order to do that, we need to create one more directory under ui. Create a directory called views. In this views directory you should have your demo dashboard XML. You can either get your XML this way, or you can find the location of the XML on your Splunk instance using the find command on /opt/splunk, under the etc directory, with the name of our dashboard file, demo.xml. This command takes you directly to the location where demo.xml is present.

As we can see, it is present under search/local/data/ui/views. But we are in our newly created app, under splunk demo’s local/data/ui/views, so we’ll copy the file into this directory. Once you have copied it, you should be able to see the file. Here we have our demo.xml. Now let us go back to our navigation menu file, that is, default.xml. Here all you need to do is create a view tag and give it your dashboard name.

Once you have given your dashboard name, that is, demo without .xml (demo.xml is the complete file name, but we need to provide it without .xml), restart the Splunk instance in order to reflect the new changes. This restart process can be sped up. There is also a web shortcut, which you’ll be learning probably in the last tutorial, that refreshes your configuration without the need to restart your Splunk instances. This is our search head. Let us refresh so that it will pick up the changes.

Now we’ll be able to see our demo dashboard as part of our navigation. As you can see, this is our demo dashboard. If I click on it, my dashboard loads automatically. In this way you can customize this entire navigation completely as you wish: you can add multiple collections, you can drill down into them, and you can have a collection inside a collection so that you will be able to see multiple panels. You can also add direct links to dashboards by editing this information into the navigation file.
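An added example, not from the course, covering the navigation steps in Part 1 and Part 2: it builds a constructed app tree containing the two pitfalls the text mentions (a capitalized `Label` attribute and a view name that keeps `.xml`), counts them, and corrects them. The helper names and the temporary app directory are hypothetical; on a real host the nav file is copied from the search app's `default/data/ui/nav/default.xml`.

```bash
# Added example, not course code: builds a constructed app tree and lints its nav file.
set -eu

# Constructed stand-in for $SPLUNK_HOME/etc/apps/<your_app> (placeholder app)
make_app() {
  app=$(mktemp -d)
  mkdir -p "$app/local/data/ui/nav" "$app/local/data/ui/views"
  echo '<dashboard><label>Demo</label></dashboard>' > "$app/local/data/ui/views/demo.xml"
  cat > "$app/local/data/ui/nav/default.xml" <<'EOF'
<nav search_view="search">
  <view name="search" default="true" />
  <collection label="Collection One">
    <view name="datasets" />
    <view name="reports" />
  </collection>
  <collection Label="Collection Two">
    <view name="alerts" />
    <view name="dashboards" />
  </collection>
  <view name="demo.xml" />
</nav>
EOF
  printf '%s\n' "$app"
}

# lint_nav APP_DIR: print how many of the two pitfalls are present
lint_nav() {
  nav="$1/local/data/ui/nav/default.xml"
  bad_label=$(grep '<collection' "$nav" | grep -vc ' label="' || true)  # "Label" typo
  bad_view=$(grep -c '<view name="[^"]*\.xml"' "$nav" || true)          # ".xml" kept
  echo $((bad_label + bad_view))
}

# fix_nav APP_DIR: lowercase the attribute and drop the file extension
fix_nav() {
  nav="$1/local/data/ui/nav/default.xml"
  sed -e 's/<collection [Ll]abel=/<collection label=/' \
      -e 's/\(<view name="[^"]*\)\.xml"/\1"/' "$nav" > "$nav.tmp"
  mv "$nav.tmp" "$nav"
}

# dashboard_linked APP_DIR NAME: view file exists and nav links it by bare name
dashboard_linked() {
  [ -f "$1/local/data/ui/views/$2.xml" ] &&
    grep -q "<view name=\"$2\"" "$1/local/data/ui/nav/default.xml"
}

app=$(make_app)
echo "problems before: $(lint_nav "$app")"; fix_nav "$app"
echo "problems after: $(lint_nav "$app")"
```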