Learn more about developing Splunk apps:
Splunk apps make it easier for an organization and its users to interact with data. Apps are designed to address a specific type of task, such as real-time data analysis, or security and monitoring, and then display the data using any number of visualizations to make the data easier to interpret. Splunk provides different ways for you to create apps for the Splunk users within your organization, as well as apps to share with or sell to other Splunk users.
A Splunk app is a collection of knowledge objects and extensions packaged for a specific technology or use case allowing for a more effective use of Splunk Enterprise. A Splunk app can include such elements as a custom UI with dashboards, reports, custom search commands, modular inputs, field extraction definitions, data lookups, a navigation menu, custom alert actions, custom code files, and much more. Splunk apps run in Splunk Web, and you access them from the Home page or the Apps menu.
To expand on this definition of a Splunk app:
Here are some examples of Splunk apps for different users and roles:
Technically, a Splunk add-on is a Splunk app. In practice, a Splunk add-on refers to a Splunk app that does not contain a full UI, and typically provides some custom configurations or data inputs. And without a UI, add-ons aren't available from the Splunk Web home page or the Splunk App menu, nor do they have a dedicated URL.
A single add-on can be used in multiple apps, suites, or solutions. So, every object in an add-on must be globally available in order to be globally accessible. For more, see App architecture and object ownership in the Admin Manual.
Splunk apps are useful for many reasons:
Splunkbase is the Splunk app and add-on marketplace. You can download apps and add-ons for use in your Splunk Enterprise environment, and you can create your own Splunk apps and share them with other members of the Splunk community. For more about submitting apps to Splunkbase, see the Working with Splunkbase manual.
You can also obtain Splunk Certification for apps and add-ons, which means that Splunk has examined an app or add-on and found that it conforms to best practices for Splunk development. For more, see About app certification.
Just creating a Splunk app is easy, but developing a fully-featured app takes work. The basic process is as follows:
Many components of a Splunk app can be built using Splunk Enterprise, such as data inputs, indexes, modular inputs, knowledge objects, alerts, and searches. See the Splunk Enterprise documentation for details.
Apps running in Splunk Cloud undergo a vetting process before they can be installed. This process ensures that the app does not compromise security or pose an operations risk in the public cloud environment. Splunk Cloud customers can submit their app for vetting by contacting Splunk Cloud support.
For more information about using apps with Splunk Cloud, see Get Splunk Cloud apps in the Splunk Cloud User Manual.