Integrate and extend Splunk

REST API

Splunk provides a fully documented and supported REST API with over 200 endpoints. Developers can programmatically index, search, and visualize data in Splunk from any application.

>  Learn more about the REST API.

Software Development Kits (SDKs)

The Splunk SDKs include documentation, code samples, resources, and tools to make it faster and more efficient to program against the Splunk REST API using constructs and syntax familiar to developers experienced with Java, Python, JavaScript, PHP, Ruby, and C#. In just a few lines of code, developers can easily manage HTTP access, authentication, and namespaces.

>  Learn more about the Splunk SDKs.

Developers can use the Splunk SDKs to:

  • Run real-time searches and retrieve Splunk data from line-of-business systems such as Customer Service applications.
  • Integrate data and visualizations (charts, tables) from Splunk into BI tools and reporting dashboards.
  • Build mobile applications with real-time KPI dashboards and alerts powered by Splunk.
  • Log directly to Splunk from remote devices and applications via TCP, UDP, and HTTP.
  • Build customer-facing dashboards in applications powered by user-specific data in Splunk.
  • Manage a Splunk instance, including adding and removing users as well as creating data inputs from an application outside of Splunk.
  • Programmatically extract data from Splunk for long-term data warehousing.


Search extensibility

Developers can expand the search language to customize commands to better meet their needs or to perform custom processing or calculations. Splunk Enterprise offers search extensibility through:

  • Custom search commands: Developers can add a custom search script (in Python) to Splunk to create their own search commands. To build a search that runs recursively, developers must make calls directly to the REST API.
  • Scripted lookups: Developers can programmatically script lookups via Python.
  • Scripted alerts: Scripted alerts can trigger a shell script or batch file (we provide guidance for Python and Perl).
  • Search macros: Search macros make chunks of a search reusable in multiple places, including saved and ad-hoc searches.

>  To learn more, read about custom search commands.

Data models and modular inputs

Splunk also provides developers with other mechanisms to extend the power of the platform.

  • Data models allow developers to abstract away the search language syntax, making Splunk queries (and thus, functionality) more manageable and portable/shareable.
  • Modular inputs allow developers to extend Splunk to programmatically manage custom data input functionality via REST.

>  To learn more, read about data models.

>  To learn more, read about modular inputs.