Splunk Developer FAQs

You may be wondering about a few things. Check out these frequently asked questions. If these don't cover your questions you can always check Splunk Answers or send us an email

General

SDK

App Framework

General

  1. What is Splunk?

    Splunk is a search engine and analytic environment that uses a distributed map-reduce architecture to efficiently index, search and process large time-varying data sets.

  2. So is Splunk really free?

    If you index less than 500M of data per day, Splunk is free to use, and the license never expires with certain functional limitations after the 60 day enterprise trial period. This limit refers to the amount of new data you can add per day, but you can keep adding more and more data every day, storing as much as you want. You could add 500MB of data per day and eventually have 10TB of data in Splunk. Splunk will track and provide notices for each day you exceed the maximum peak daily volume. For free and enterprise trial users the daily limit is 500MB. If the use above Max Peak Daily Volume is exceeded more than 5 times in a rolling 30 day period, the search functionality ceases working.

  3. My free enterprise trial license has expired. How can I continue to use Splunk Enterprise?

    When your trial license expires, you will automatically be moved to a Splunk free license. If you require more capabilities once your trial has expired please email us

  4. My dev trial license has expired. How can I renew my developer trial license?

    When your dev trial license expires, you can request a developer trial license renewal

  5. I need more than the 500MB per day that is allowed by the enterprise trial. How can I increase the upper limit?

    If you require more data than the 500MB per day allotted by the free trial please email us

  6. Where can I connect with other developers building applications on Splunk?

    You can join our Splunk Dev Google Group

  7. What is the difference between the Splunk App Framework and the Splunk SDKs?

    The Splunk App Framework resides within Splunk's webserver and enables you to customize the Splunk Web UI that comes with the product and build Splunk apps that use the Splunk web server. The Splunk SDKs are designed to enable you to build applications from the ground up and not require Splunk Web or any components from the Splunk App Framework. The Splunk App Framework is part of the features and functionality of the Splunk Software and using those features and functionality there is no modification to the Splunk Software licensed to you. The SDKs are separately licensed to you from the Splunk Software and does not modify the Splunk Software.

  8. What version of Splunk does this documentation apply to?

    Unless otherwise mentioned, it is assumed that this documentation applies only to the most current publicly available version of Splunk. Check the Splunk documentation or download Splunk to verify what the most current version is.

SDK

  1. Where can I find the Splunk SDKs?

    The Splunk SDKs are hosted on GitHub

  2. What is GitHub?

    You can learn more about GitHub here

  3. What is the difference between a Preview SDK and Open Beta SDK release?

    A Preview release is released "as-is" without support. Generally speaking a Preview release may or may not be feature complete. An Open Beta release is, generally speaking, feature complete and is supported if you are covered under a support agreement. See more details in the "Are Splunk SDKs Supported?" question

  4. The SDKs are available as open source. Which license are you using?

    Apache v2.0


  5. Are Splunk SDKs Supported?

    If you are covered under an existing maintenance agreement, you will have support if the SDKs are in a beta release or higher and you haven't modified the SDK library.

App Framework

  1. What is the Splunk App Framework?

    The Splunk App Framework is the inter-working of Python, JavaScript, HTML, and CSS code that powers Splunk Web.

  2. Why should developers use the Splunk App Framework?

    The Splunk App Framework offers developers a robust tool chain on both the server and client, facilitating interactions between users and Splunk searches, results, configurations, etc.

    This is the same framework that powers the Splunk Web interface used by thousands of people every day.

  3. Who should develop with the Splunk App Framework?

    Developers should use the Splunk App Framework if they are looking to create Splunk Apps, which are customizations or extensions of Splunk Web.

  4. What is the difference between a Splunk App and a custom application?

    In the Splunk world, a Splunk app is something that will run within the Splunk App Framework. A custom application is one that is built using the Splunk SDKs and REST API.

  5. What do you mean by app, add-on, module, and view?

    Please refer to this documentation's terminology overview for definitions and disambiguation between apps, add-ons, modules, and views.

  6. Is a stand-alone web server required to use the Splunk App Framework?

    The Splunk App Framework runs within CherryPy, a pythonic, object-oriented application server embedded in Splunk on most platforms.

    Having an embedded application server facilitates both portability as well as rapid development cycles.

  7. Are there any known issues with the Splunk App Framework?

    The Splunk App Framework documentation includes a list of known framework issues.

  8. Are there any published best practices for developing with Splunk App Framework?

    The Splunk App Framework documentation includes App development best practices.