splunk-labs - Google Code

License:	New BSD License
Labels:	splunk, search, logfiles, REST, API, indexing

Show all Featured Wiki Pages:
SplunkAuth SplunkEndpoints

Blogs:	Splunk Developer's Blog
Groups:	Splunk Labs

Join project

Project owners:
	kordless, budchee, johnvey
Project members:
	aspina, ruairi, Badmonkey283, inder.sabharwal, benstraw, feorlen, sircrustyjackson, djpiebob, jgatt81, nmealy, harper.mann

Project Overview

Splunk Labs is a resource for developers wanting to extend the core functionality of Splunk's Platform to build their applications.

More information about developing on the platform is available on the developer's page and Splunk's developer blogs.

You'll need to download the latest version of Splunk from their website. An account is required to download the newer versions of Splunk. If you are using an older version of Splunk, it is recommended you upgrade to get the latest version with the newer REST endpoints.

You can refer to the installation instructions from Splunk's documentation pages. These instructions are made for the released version of Splunk, and may not work for installing the Preview version.

Once you get Splunk installed, you can start accessing the APIs through the REST enpoints located on the Splunk server, splunkd. We use Python in the examples below, but you can use any REST enabled language to talk to Splunk's server.

Splunk's endpoints - get started by talking to the REST endpoints directly.
Authenticating - get an auth token to talk to the Splunk server
Start a job - start a new search job on the server
Get the results - using the job id, return the results and do something useful

Skinning Splunk Applications

If you want to change the way Splunk looks, you can change the interface's CSS files.

Skinning Splunk - explanation of how to change the themes in Splunk
Reference - skinning documentation reference

Programming Resources

Splunk's APIs use REST, which requires the programmer to handle connecting to the web and parsing XML bits coming back from the server. The following SDKs provide a more manageable interface for dealing with Splunk, and can help lower the amount of development time.

.NET - Google Code page for the .NET SDK wrappers for the Splunk APIs
Python - embedded Python SDK shipping with Preview release
Flash - Google Code page for the upcoming Flash SDK
Java - Google Code page for the Java SDK
PHP - Google Code page for the PHP SDK

Languages we'd like to have soon:

Python (external)
Perl
Javascript
Ruby/RAILS

Other Resources

Wikipedia's article on REST, which basically says that "The World Wide Web is the key example of a RESTful design".

Contributing

This is a community based development wiki for application projects based on Splunk's platform and REST APIs. If you want to contribute code, links or content to these pages, you need to be added to the project's member list.

You can request to join the Splunk Labs project here on Google Code by emailing your Gmail email address in the SUBJECT line of your email to splunk-labs@splunk.com.

If you have some code that you want to contribute, and want to host it on Google Code, you can create a new project and then have us link to it from here. To be consistent, name your project something like splunk-myproject.

Other Splunk Related Projects

Replay - Flash based visualization application for Splunk
IP Tagging Utility - GeoIP lookups for IPs in your events

More Project Ideas

Much like writing code for a database, there are tons of practical use cases for Splunk's indexing server. The Splunk Hacks page lists over 50 possible ideas for projects using Splunk. Some of them are simply brilliant, others are completely ridiculous (but still would be cool to see implemented).

If you are looking for a good excuse to write some code against Splunk, now's your chance. Grab a project idea, create a project for it and get busy!