Splunk Apps and Add-ons
In this section, we are going to learn about Splunk apps and add-ons, the Search and Reporting app, the Search Summary view, where to find more apps and add-ons, and so on. Apps and add-ons allow us to extend the Splunk platform's functionality.
Application or app
An app is an application that runs on the Splunk platform. Apps are designed to analyze and display knowledge around a particular source or set of data. An app might contain any or all of the following configurations:
Some apps are free, and others are paid for. Examples of free apps include Microsoft Exchange Splunk App, AWS Splunk App, and DB Connect Splunk.
An add-on offers specific capabilities that help to collect, standardize, and enrich data sources. It might include any or all of the following features:
Examples include Splunk Add-on for Checkpoint OPSEC LEA, Splunk Add-on for Package, and Splunk Add-on for McAfee.
App and add-on support
Anyone can develop an app or add-on for Splunk software. Splunk and our community members create apps and add-ons and share them with other Splunk software users on Splunkbase, the online app marketplace. Splunk doesn't support any of the Splunkbase apps and add-ons.
Search and Reporting app
Splunk Enterprise provides the Search and Reporting app by default. The app offers Splunk Enterprise's core features. When we first log in to Splunk Web, the Splunk Home page provides a link to the app.
Find Splunk Search and Reporting
Search Summary View
The Search Summary view contains common elements that include the Applications menu, the Splunk bar, the Apps bar, the Search bar, and the Time Range Picker. The panels below the search box are elements that are unique to the Search Summary view: the How to Search panel, the What to Search panel, and the Search History panel.
In the following table, we have summarized the description of the above window.
Splunk Web configuration to open directly to an app
Splunk Web can be configured so that it bypasses Splunk Home and opens instead in a different app of our choosing. This is called setting a default app. We recommend implementing this change by role, although we can also set a default app for all users or per user. A default app set for a specific user takes precedence over the default app set for that user's role.
Set a default app by role
We can set a default app for all users with a specific role. For example, we might send all users with the "user" role to an app that we made, and all admin users to the Monitoring Console.
To bypass Splunk Home for all users with a specific role:
Set a default app for all users
We can choose a default app in which all users land when they log in. For example, to set the Search app as the global default:
1. Create or edit
3. For the update to take effect, restart Splunk Enterprise.
Set a default app for a single user
In most cases, default apps should be set per role. But if our use case requires a default app for a particular user, we can set it through Splunk Web.
To make the Search app a user's default landing app:
The change takes effect without a restart.
Where to find more apps and add-ons
New apps and add-ons can be found on Splunkbase: https://splunkbase.splunk.com/.
The Splunk Enterprise dashboard also lets us browse for new apps.
If we are connected to the Internet
Note: If Splunk Web is located behind a proxy server, accessing Splunkbase might be difficult. To solve this problem, we need to set the HTTP_PROXY environment variable, as described in the documentation on using Splunk Web with a reverse proxy configuration.
If we are not connected to the Internet
If our Splunk Enterprise server and client are not connected to the Internet, we need to download apps from Splunkbase and copy them to our computer: