Create an add-on

We'll begin by creating an add-on. On the Add-on Builder home page, click Create an add-on and enter the basic properties. For this walkthrough we'll use the following values:

  • Add-on name: Enter "VirusTotal".
  • Author: Enter "Splunk Docs".
  • Version: Leave the default value, "1.0.0".
  • Description: Enter "A sample add-on that queries the Virus Total API for suspicious URLs"
  • Visible: Don't select this option.
    When visible, the add-on appears on the Splunk Web home page. Typically, add-ons with no UI are not visible.
  • Icon: Click Upload from My Computer to upload an image file to use as the icon for the add-on.
    When an add-on is visible, the icon is displayed with the app on the Splunk Web home page.
  • Theme color: Select a theme color for the add-on.
    When an add-on is visible, the theme color is used for the navigation bar and as the icon background on the Splunk Web apps list.
  • [Alert action properties]

Click Create, then the Add-on Builder opens the home page for your new add-on:

[Add-on home page]

This home page is the dashboard for your add-on, showing you your progress towards creating different objects. Suggested actions are indicated by the icons in the center of the page. All possible tasks are displayed in the top navigation bar. The icon indicates that a particular feature isn't available until you restart Splunk Enterprise.

>>  Continue to 2. Create an alert action.