The Splunk Reference App - PAS teaches you how to develop apps for Splunk. Here, you can explore the evolution of the reference app along with some additional engineering artifacts, like tests, deployment considerations, and tradeoff discussions.
The accompanying Splunk Developer Guide for Building Apps presents a documentary of how the team went about building this reference app. The guide is currently available as a public preview. We welcome your feedback on both the app and the guide.
The PAS app is intended to enable an organization to monitor various document repositories (current and future). Managers and auditors can use the app to see who has viewed, modified, deleted, or downloaded documents or other artifacts from various sources.
Here's what you need to get going with the Splunk Reference App - PAS.
If you haven't already installed Splunk Enterprise, download it. For more information about installing and running Splunk Enterprise and system requirements, see the Installation Manual.
Install or symlink the main app (pas_ref_app) to the $SPLUNK_HOME/etc/apps folder. For linking, use the ln command on Unix/MacOS or the mklink command on Windows.
There are several ways for you to feed data into the PAS app:
- Ingest your own data. Just make sure those sources are tagged with "change" and "audit",
- Use the eventgen app, if you want a simulated data flow (note: it may take several minutes before the events start to be generated), or
- Consume the test data set provided in the test repo.
The reference app relies on data provider add-ons. Three simulated data providers (file add-on, documents application add-on, database add-on) and one real data provider (Google Drive Data Provider add-on) are made available. Install at least one data provider. You'll find the install scripts for Unix/MacOS and Windows in the /bin folder. For the Google Drive data provider installation and configuration, see specific instructions in the googledrive_addon/README folder.
The reference app uses a lookup table which could have been produced by an HR system process. For demonstration purposes, we have encapsulated it in the pas_hr_info add-on.
(Optional) Certain reference app functionality requires an identity provider. We have used a simulated identity provider.
Create a new user that belongs to the pasadmin or pasuser role, and log in as this new user.
Alternatively, add index 'pas' to the default searchable indexes by going to Splunk Settings -> Access controls -> Role -> admin -> Indexes searched by default and adding 'pas' into the list of default search indexes.
Note: if you are using a Splunk Free license, integrated role-based access control is not available. Thus, you will not be able to add new users or roles and should use the alternative method of adding the 'pas' index to the list of indexes searched by default.
Specify at least one department that you want to surface on the Summary dashboard.
For usage see the About page of the app.
Questions, comments, suggestions? To provide feedback about this release, to get help with any problems, or to stay connected with other developers building on Splunk, please visit the community site.
File any issues on GitHub.
Community contributions via pull requests are welcomed! Go to the Open Source page for more information.
Examples, sample code, tests, demo
This is an update of the Splunk Reference App - PAS for Splunk Enterprise 6.5. It includes:
- Improvements for Splunk Enterprise 6.5
- Improved event generation
- Better refresh of custom visualizations
The most up-to-date version of the release notes is available at
https://github.com/splunk/splunk-ref-pas-code/blob/master/README.md
This reference app comes with associated guidance on how to build Splunk apps - http://dev.splunk.com/goto/devguide.
This is an update of the Splunk Reference App - PAS for Splunk Enterprise 6.3. It includes new features and improvements, such as custom alerts, a keycard tracking dashboard, usage telemetry, and a refactored Google Drive data provider with a smooth OAuth2 token workflow manifested through the UI.