Onboard Your Data Faster Using The Splunk Add On Builder

The document presents an overview of Splunk's Add-on Builder, a tool designed to streamline the creation of add-ons for data collection and enrichment. It highlights features of version 2.0, including UI-based add-on creation, modular input generation, CIM mapping, and health validation. The Add-on Builder aims to enhance development efficiency, maintain best practices, and support integration with various data sources.

Copyright © 2016 Splunk Inc.

Onboard your data faster with Add-on Builder
Elias Haddad, Sr. Product Manager, Splunk
Gordon Wang, Sr. Software Engineer, Splunk
Disclaimer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

Agenda
Why Add-on Builder
What is Add-on Builder
Feature Highlights
What’s new in Add-on Builder 2.0
Demo
Q&A

All Data is Relevant
Databases, Email, Web, Desktops, Servers, DHCP/DNS, Network Flows, Custom Apps, Hypervisor, Badges, Firewall, Authentication, Vulnerability Scans, Service Desk, Intrusion Detection, Data Loss Prevention, Anti-Malware, Industrial Control, Call Records, Storage, Mobile
Why Add-on Builder
Expand the ecosystem of Partners, Vendors, and Customers building Add-ons
Reduce the time spent by engineers building one-off Add-ons
Improve consistency and adherence to best practices
Enable Development Partners with the right tools to be successful
Accelerate development beyond what we can do alone
Refresher: What is an Add-on?
• Data Collection – Modular Input
• Abstraction layer:
  - Field Extraction
  - CIM, Domain Add-on Mapping
  - Index-time extraction
• Data Enrichment using lookups
• Modular Alerts
• Saved Searches
• Pre-Built Panels
What is Add-on Builder
Splunk Add-on Builder is an App on Splunkbase:
– https://splunkbase.splunk.com/app/2962/
The goals of the Splunk Add-on Builder are to:
– Guide you through all of the necessary steps of creating an add-on
– Reduce development and testing time
– Follow best practices and naming conventions
– Maintain CIM compliance
– Maintain quality of add-ons
– Validate and test the add-on, helping you to identify any limitations such as compatibilities and dependencies
– Maintain a consistent look and feel while still making it easy for you to add branding

What does Splunk Add-on Builder do?
Automate code generation
• Intuitive and process-driven UI
• Supports multiple input types, including shell, REST, and Splunk Python SDK
Extract and map fields
• Extract fields using automated event analysis
• Map fields to CIM with a click of a button
Score health of Add-on
• Validate for CIM compliance and naming conventions (best practices?)
• Detect problems with field extraction
Create Add-on using a step-by-step process
Add-on Builder Feature Highlights
• Version 2.0.0 Features Highlight

UI Based Add-on Creation (show via demo)
Maintains a consistent look and feel while still making it easy for you to add branding
Upload your add-on logo and pick your color theme
Modular Input (show via demo)
Modular Input ease of creation
If you have a simple REST API:
– We can generate the mod input for you without writing a single line of code.
– Can be tokenized
If you have a shell command or script:
– We will generate the mod input for you
– Can be tokenized
Real-time code validation
Add-on Setup (show via demo)
Allows you to generate and build a setup page without having to deal with setup.xml.
Create your setup parameters or select default ones.
Supports multi-account
Interactive
Out-of-the-box proxy support, password encryption, logging
Advanced Modular Input (show via demo)
If you have more advanced data collection logic
Real-time code validation
Includes library:
– Checkpointing
– Reading encrypted password from storage/passwords endpoint
– Proxy
– Accessing parameter values from setup page
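The library pieces the Advanced Modular Input slide lists (checkpointing, credential from the passwords store, proxy from setup parameters), written out as an added stand-alone example. This is not Add-on Builder's generated code: the secure store, the API records and the proxy settings are constructed stand-ins for the real endpoints.

```python
"""Added example (not Add-on Builder's generated code): the pieces the
Advanced Modular Input slide lists, written stand-alone. The secure store,
REST API records and proxy settings are constructed stand-ins."""
import json
import urllib.parse

# Constructed stand-in for Splunk's storage/passwords endpoint: the input
# fetches the credential at run time instead of keeping it in a .conf file.
SECURE_STORE = {"ticket_api": {"username": "svc-splunk", "password": "p@ss w0rd"}}

# Constructed sample API data: records with a monotonically increasing id,
# which is what the checkpoint records as its high-water mark.
API_RECORDS = [
    {"id": 101, "state": "open", "user": "alice"},
    {"id": 102, "state": "closed", "user": "bob"},
    {"id": 103, "state": "open", "user": "carol"},
]

def get_credential(realm):
    """Stand-in for reading an encrypted credential from storage/passwords."""
    entry = SECURE_STORE.get(realm)
    if entry is None:
        raise KeyError("no credential stored for realm %r" % realm)
    return entry["username"], entry["password"]

def proxy_url(settings):
    """Build a proxy URL from setup-page parameters; the credentials are
    URL-encoded so a '@' or '/' in the password cannot corrupt the URL."""
    if not settings.get("proxy_enabled"):
        return None
    auth = ""
    if settings.get("proxy_username"):
        auth = "%s:%s@" % (urllib.parse.quote(settings["proxy_username"], safe=""),
                           urllib.parse.quote(settings.get("proxy_password", ""), safe=""))
    return "http://%s%s:%s" % (auth, settings["proxy_host"], settings["proxy_port"])

def fetch_since(last_id, username, password):
    """Stand-in REST call: only records newer than the checkpoint come back."""
    assert username and password  # the real call would put these in an auth header
    return [r for r in API_RECORDS if r["id"] > last_id]

def collect(checkpoint, settings):
    """One polling run: read the checkpoint, pull only new records, advance the
    checkpoint, and return (events_to_index, updated_checkpoint)."""
    user, pwd = get_credential(settings["account"])
    new = fetch_since(int(checkpoint.get("last_id", 0)), user, pwd)
    if new:  # only move the high-water mark when something was actually read
        checkpoint["last_id"] = max(r["id"] for r in new)
    return [json.dumps(r, sort_keys=True) for r in new], checkpoint
```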
Field Extraction (show via demo)
Supports various formats including unstructured, KV, tabular and JSON
Leverages a machine learning clustering algorithm to group events based on format similarity
Automatically generates regex for field extraction
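The two steps the Field Extraction slide describes, grouping events by format similarity and then generating a regex, as an added example. It is not Splunk's implementation: the events are constructed, and the shape-signature clustering is a simple illustration of the idea rather than the product's algorithm.

```python
"""Added example (not Splunk's implementation): group sample events by format
signature, then derive a named-group regex per KV-format cluster. The events
are constructed; the signature-based clustering is a simple illustration."""
import re
from collections import defaultdict

SAMPLE_EVENTS = [  # constructed: three KV events and two JSON events
    "action=login user=alice src=10.1.1.5 status=success",
    "action=login user=bob src=10.1.1.9 status=failure",
    '{"event": "scan", "host": "web01", "cves": 3}',
    "action=logout user=alice src=10.1.1.5 status=success",
    '{"event": "scan", "host": "db02", "cves": 0}',
]

def signature(event):
    """Collapse an event to its shape: digit runs -> 0, letter runs -> a,
    punctuation kept. Events with the same shape share a format."""
    s = re.sub(r"\d+", "0", event)
    s = re.sub(r"[A-Za-z_]+", "a", s)
    return re.sub(r"\s+", " ", s).strip()

def cluster(events):
    """Group events by signature; returns a list of clusters (lists of events)."""
    groups = defaultdict(list)
    for e in events:
        groups[signature(e)].append(e)
    return list(groups.values())

def kv_regex(event):
    """Build a regex with one named capture group per key=value pair of a
    representative event. Returns None if the event is not KV or a key repeats
    (a duplicate group name would make the regex invalid)."""
    pairs = re.findall(r"(\w+)=(\S+)", event)
    keys = [k for k, _ in pairs]
    if not keys or len(set(keys)) != len(keys):
        return None
    return r"\s+".join(r"%s=(?P<%s>\S+)" % (re.escape(k), k) for k in keys)

def extract(regex, event):
    """Apply a generated regex to an event; empty dict when it does not match."""
    m = re.search(regex, event)
    return m.groupdict() if m else {}
```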
CIM Mapping (show via demo)
UI-based CIM mapping
Map your Add-on fields to the Common Information Model in a click of a button
Health Validation (show via demo)
Validate your Add-on for:
– Best practices
– CIM compliance
Detect any field extraction problems
Detect any problems with your modular inputs
Certification readiness on roadmap
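The CIM Mapping and Health Validation slides together, as one added example: add-on fields are mapped onto CIM Authentication fields, vendor action values are normalised, and the result is checked for compliance. This is not Add-on Builder's code; the required-field list and the allowed action values are an assumed subset for illustration, so check the CIM documentation for your version.

```python
"""Added example (not Add-on Builder's code): map an add-on's extracted
fields onto CIM Authentication fields, then run the kind of checks the
Health Validation slide describes. The required-field and action-value
lists are an assumed subset for illustration."""

# Assumed subset of CIM Authentication fields and the values 'action' may take.
CIM_AUTH_REQUIRED = ("action", "app", "dest", "src", "user")
CIM_AUTH_ACTIONS = {"success", "failure"}

# Add-on field -> CIM field, as a click-to-map UI would record it (constructed).
FIELD_MAP = {"result": "action", "username": "user", "client_ip": "src",
             "server": "dest", "service": "app"}

# Vendor-specific action values normalised to the CIM vocabulary (constructed).
ACTION_LOOKUP = {"ok": "success", "accepted": "success",
                 "denied": "failure", "bad_password": "failure"}

def map_to_cim(event, field_map=FIELD_MAP, action_lookup=ACTION_LOOKUP):
    """Return a new dict keyed by CIM names; unmapped fields are kept as-is."""
    out = {}
    for k, v in event.items():
        cim = field_map.get(k, k)
        if cim == "action":  # normalise the vendor value; unknown values pass through
            v = action_lookup.get(str(v).lower(), v)
        out[cim] = v
    return out

def validate_auth(cim_event):
    """Return a list of compliance problems; an empty list means compliant."""
    problems = []
    for f in CIM_AUTH_REQUIRED:
        if cim_event.get(f) in ("", None):
            problems.append("missing required field %r" % f)
    act = cim_event.get("action")
    if act is not None and act not in CIM_AUTH_ACTIONS:
        problems.append("action=%r not in CIM vocabulary %s" % (act, sorted(CIM_AUTH_ACTIONS)))
    return problems

def score(events):
    """Fraction of raw events that map to a compliant CIM event (a health score)."""
    if not events:
        return 0.0
    ok = sum(1 for e in events if not validate_auth(map_to_cim(e)))
    return ok / len(events)
```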
What’s new in Add-on Builder 2.0
• Version 2.0.0 Features Highlight
Certification Check (show via demo)
Get pre-certified with a click of a button
Relies on backend online certification services to run the check
Add-on Builder pushes the Add-on package to the service and waits for results to be returned.
Results are displayed on the validation step in Add-on Builder.
Alert Action (show via demo)
Alert Action allows Splunk admins to take automatic actions from a Splunk alert
Examples of existing Custom Alert Actions on Splunkbase: ServiceNow Incident creation, Hipchat notifications
Add-on Builder allows you to build, test and validate a Custom Alert Action in a simple UI-based workflow.
Alert Action – Adaptive Response (show via demo)
Splunk Enterprise Security developed the Adaptive Response initiative to connect Splunk with third-party security systems
Adaptive Response is built on top of alert actions to define the interactions between the Enterprise Security UI and the underlying alert action.
Supports ad hoc actions and automated actions triggered by alerts
Questions
THANK YOU
Where can I download this app?
https://splunkbase.splunk.com/app/2962/#/overview
Data models covered by CIM
• Alerts
• Application State
• Authentication
• Change Analysis
• Databases
• Email
• Interprocess Messaging
• Intrusion Detection/Prevention
• Inventory
• Java Virtual Machines
• Malware
• Network Sessions
• Network Traffic
• Performance
• Splunk Audit Logs
• Vulnerabilities
• Web
