Splunk provides a fully-documented and supported REST API with over 200 endpoints. Developers can programmatically index, search, and visualize data in Splunk from any application.
> Learn more about the REST API.
Software Development Kits (SDKs)
The Splunk SDKs
> Learn more about the Splunk SDKs.
Developers can use the Splunk SDKs to:
- Run real-time searches and retrieve Splunk data from line-of-business systems such as Customer Service applications.
- Integrate data and visualizations (charts, tables) from Splunk into BI tools and reporting dashboards.
- Build mobile applications with real-time KPI dashboards and alerts powered by Splunk.
- Log directly to Splunk from remote devices and applications via TCP, UDP, and HTTP.
- Build customer-facing dashboards in applications powered by user-specific data in Splunk.
- Manage a Splunk instance, including adding and removing users as well as creating data inputs from an application outside of Splunk.
- Programmatically extract data from Splunk for long-term data warehousing.
> Download an SDK:
Developers can expand the search language to customize commands to better meet their needs, to perform custom processing or calculations, or to make Splunk Enterprise offers search extensibility through:
- Custom search commands: Developers can add a custom search script (in Python) to Splunk to create their own search commands. To build a search that runs recursively, developers must make calls directly to the REST API.
- Scripted lookups: Developers can programmatically script lookups via Python.
- Scripted alerts: Scripted alerts can trigger a shell script or batch file (we provide guidance for Python and PERL).
- Search macros: Search macros make chunks of a search reuseable in multiple places, including saved and ad-hoc searches.
> To learn more, read about custom search commands.
Data models and modular inputs
Splunk also provides developers with other mechanisms to extend the power of the platform.
- Data models allow developers to abstract away the search language syntax, making Splunk queries (and thus, functionality) more manageable and portable/shareable.
- Modular inputs allow developers to extend Splunk to programmatically manage custom data input functionality via REST.
> To learn more, read about data models.
> To learn more, read about modular inputs.