The Add-on Builder is a tool that helps developers quickly create add-ons for Splunk. With the Add-on Builder, you can configure data inputs, create alert actions, create a setup page, perform field extractions, and add CIM mapping to your data using a UI, without having to edit and manage Splunk configuration files. The Add-on Builder also validates your add-on against best practices and app certification, and provides suggestions for fixing issues before you package your add-on for distribution.
Get familiar with the Splunk Add-on Builder by following this step-by-step guide, which shows how to use the Add-on Builder to build sample add-ons that address different use cases.
To get started, you'll need to use a computer running Splunk Enterprise in a development environment, such as on a laptop. Then:
You'll also need to install the Splunk Common Information Model (CIM) add-on, which is required for working with adaptive response actions for Enterprise Security, and for mapping fields in your data to the CIM.
Start the Splunk Add-on Builder from the Splunk Web home page to see the main page of the app:
The top section shows you all of your Add-on Builder projects, along with details about them such as the last modified date, author, and version. You can open these projects and continue working on them using the Add-on Builder.
You'll see other apps and add-ons that are installed on your Splunk instance. You can map fields to CIM, create alert actions, and run the validation check on them.