I'm considering building an app to plug into Splunk 4 to do custom data collection, custom, reporting, etc. (like I see other splunk apps doing) but focused on .NET and J2EE web apps. I'm looking for hints, tips, best practices, etc. to give me a leg up beyond what I can find in the splunk documentation.
Anyone have a good list of links and/or personal experience feedback about building a splunk 4 app?
Hi,
I'm the Splunk Developer Manual writer, and I'm happy to give you help. We are always working on making our documentation more clear and helpful. Have you looked at the Developer docs yet? If you have but haven't found what you're looking for, I'd like to hear about it. If you haven't then you might find some helpful hints.
The best place to start is with App Builder. There's a sample App template that has a bunch of views and saved searches built in already. You can change these so they fit your use case, and add a couple data inputs that read in the data you want to index (in your case, .NET and J2EE). Then, see what neat searches and reports you can build on top of this data, and build out dashboards and form searches that showcase the useful information from the data inputs you've pulled in.
There's more to it, but that's a good place to start. Feel free to email me, check out the Splunk IRC channel, or post on Splunk's forums for more help. The Support portal has more info:
Cheers, Emma
Been building Splunk apps for around three months. Pretty easy overall. One of the most difficult things for us is making the app easy to use in a distributed environment. So we have three different apps; one for the forwarder, indexer and search head.
We've been in a Java environment, picking up log4j/slf4j output for a while. No trouble whatsoever. Just try to not make your field extraction tightly coupled with log format, since the log format can be changed.
In our environment, it's useful to figure out derived events, like when tomcat restarts, and when a webapp fails to deploy.
Hey cmonkey - that sounds awesome. I'd like to talk to you re: your app-building experience.
I'm the Splunk community guy, and I'm responsible for talking to guys like you about posting your stuff on Splunkbase.com. Let me know if you'd like to discuss in the near future.