Before You Begin

Before you begin, you must install Splunk. Make sure you have an account so that you can download the Splunk Enterprise trial used in this tutorial. Your account is also used to download and install apps from Splunkbase directly through Splunk Web. Once you have set up your account, install Splunk Enterprise using one of the following methods:

  • Get Splunk Enterprise using Docker.
    1. Install Docker.
    2. From a terminal command prompt, run:
       docker run -it -v ${PWD}/etc:/opt/splunk/etc -p 8000:8000 splunk/splunk
  • Get Splunk Enterprise by downloading it from

This tutorial focuses on building apps using Splunk Enterprise. There are other versions of Splunk you might be interested in, including Splunk Light and Splunk Cloud. Keep in mind the following:

  • Splunk Light doesn't support custom-built apps.
  • Cloud apps must be vetted by Splunk before they can run on Splunk Cloud.

Once you have installed Splunk Enterprise, consider getting a Splunk developer license. This license is optional, but it provides many benefits. For example, a Splunk developer license allows you to index up to 10GB of data per day, which is useful as you begin to experiment with Splunk and build apps. To take advantage of those benefits, you'll need to apply your Splunk developer license.

Next, you'll need to understand the basics of using Splunk software. Make sure you can do the following:

Finally, go to Splunkbase for the hundreds of apps and add-ons, many of which are open source, that you can use or extend to get results faster.

Next step

Create your first app