Arrow Electronics, Inc.

Building Splunk Apps

CODE: SPL_BSA

LENGTH: 16 Hours (2 days)

PRICE: kr17 055,00

Description

This two-day course focuses on Splunk Enterprise app development. It's designed for advanced users, administrators, and developers who want to create apps for Splunk Enterprise and Splunk Cloud. Major topics include planning apps, building data generators, adding data, custom search commands and REST endpoints, using the KV Store, app vetting using AppInspect and app packaging.

Objectives

Description

  • Planning Apps
  • Creating Apps
  • Adding Data
  • Enhancing Apps
  • Using the REST API
  • Packaging Apps

Prerequisites

To be successful, students should have a solid understanding of the following courses:

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2
  • Creating Dashboards

OR the following single-subject courses:

  • What Is Splunk?
  • Intro to Splunk
  • Using Fields
  • Visualizations
  • Leveraging Lookups and Subsearches
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Enriching Data with Lookups
  • Introduction to Dashboards
  • Dynamic Dashboards

Students should also have completed the following courses:

  • Advanced Dashboards & Visualizations
  • Splunk System Administration (recommended)

Programme

Module 1 – Planning Apps

Set up a development environment

Improve app performance

Identify Splunk log files

Use security best practices

Create a data generator

 

Module 2 – Creating Apps

Describe the web framework architecture

Manage apps and add-ons

Create an app

Configure app properties

Create app navigation

Add app icons and logos

 

Module 3 – Adding Data

List types of data inputs

Identify ways to add data

Explain modular vs scripted inputs

Understand data normalization

Review Add-on Builder

 

Module 4 – Enhancing Apps

Review commonly used knowledge object

Learn about custom alert actions

Build custom workflow actions

Develop custom search commands

 

Module 5 – Using the REST API

Describe the Splunk REST API works

Explain using REST with SplunkJS

Extend Splunk with custom REST endpoints

Review the KV Store and configuration

Maintain app state using KV Store

 

Module 6 – Packaging Apps

Creating an app setup screen

Define config file precedence

Validate an app for Cloud with AppInspect

Explain local and default differences

Package an app

Session Dates