Welcome to Splunk Labs
Splunk Labs is a resource for developers wanting to extend the core functionality of Splunk's Platform, or build applications requiring Splunk's ability to store massive amounts of unstructured IT data.
More information about developing on the platform is available on the developer's page and Splunk's developer blogs. Support should be handled through the discussions list over on the Splunk Lab's Google Group.
Getting Started
You'll need to download the latest version of Splunk from the website. An account is required to download newer versions of Splunk. If you are using an older version of Splunk, it is recommended you upgrade to get the latest version with the newer REST endpoints.
You can refer to the installation instructions from Splunk's documentation pages. These instructions are made for the released version of Splunk, and may not work for installing Preview versions.
You'll also need a good handle on the Splunk search language:
- Search language cheat sheet - search language cookbook
- Splunk search language reference - search language reference
Programming Your First Application
Once you get Splunk installed, you can start accessing the APIs through the REST endpoints located on the Splunk server, splunkd. We use Python in the examples below, but you can use any RESTful language to talk to Splunk's server.
- Splunk's endpoints - get started by talking to the REST endpoints directly.
- Authenticating - get an auth token to talk to the Splunk server.
- Start a job - start a new search job on the server
- Get the results - using the job id, return the results and do something useful
- Use a SDK - start using one of the SDKs to simplify talking to the REST endpoints
- UI themes - overview of how to skin the Splunk UI
Programming Resources
Splunk's APIs use REST, which requires the programmer to handle connecting to the web and parsing XML bits coming back from the server. The following SDKs provide a more manageable interface for dealing with Splunk, and can help lower the amount of development time.
- .NET - Google Code page for the .NET SDK wrappers for the Splunk APIs
- Embedded Python - embedded Python SDK shipping with Preview release
- Flash - Google Code page for the upcoming Flash SDK
- Java - Google Code page for the Java SDK
- PHP - Google Code page for the PHP SDK
- Perl - Google Code page for the Perl SDK
- Python - Google Code page for the external Python SDK
- AJAX - Google Code page for the AJAX SDK
Languages we'd like to have soon:
- Ruby/RAILS
Tools and add-ons
- Powershell snap-in - Use Splunk API in PowerShell.
- Excel add-on - Use Excel to analyze your Splunk search results.
- Splunk Application builder - Python-based framework for building your first Splunk application.
Contributing
This is a community based development wiki for application projects based on Splunk's platform and REST APIs. If you want to contribute code, links or content to these pages, you need to be added to the project's member list.
You can request to join the Splunk Labs project here on Google Code by emailing your Gmail email address in the SUBJECT line of your email to splunk-labs@splunk.com.
If you have some code that you want to contribute, and want to host it on Google Code, you can create a new project and then have us link to it from here. To be consistent, name your project something like splunk-myproject.
Splunk Related Projects
- Replay - Flash based visualization application for Splunk
- IP Tagging Utility - GeoIP lookups for IPs in your events
More Project Ideas
Splunk's core technology is a highly-scalable IT event database engine, capable of handling insane amounts of unstructured data in an enterprise environment. The Splunk Hacks page lists over 50 possible ideas for projects using Splunk. Some of them are simply brilliant, others are completely ridiculous (but still would be cool to see implemented).
If you are looking for a good excuse to write some code against Splunk, now's your chance. Grab a project idea, create a project for it and get busy!
