Splunk Build-a-thon!

333 Registered Allowed team size: 1 - 2
Idea Phase (Online)
Starts on: Apr 28, 2025, 04:00 PM UTC
Ends on: May 26, 2025, 12:00 AM UTC

Prototype Phase (Online)
Starts on: May 26, 2025, 04:00 PM UTC
Ends on: Jun 23, 2025, 12:00 AM UTC

Track 2 - Resources

Track 2: Splunk Add-On / Integration Development

Tech Stack / Tools

  • Local Splunk Enterprise for Development / Testing

  • SCDE for testing

  • Usage of Splunk’s app development frameworks is recommended but not required

Add-On Requirements

  • The add-on must connect Splunk to an external data source, service, or platform, enabling seamless data ingestion.

  • The add-on should be capable of collecting data from external sources using APIs, logs, event streams, or other methods.

  • Submissions should follow Splunk’s security, performance, and usability best practices as outlined in the Splunk Cloud Ready App Guidelines and align with AppInspect standards.

  • The add-on should allow users to configure settings such as API keys, authentication, data polling intervals, or other necessary parameters for seamless integration.

  • The integration should solve a practical challenge for Splunk customers, such as enhancing security monitoring, improving operational visibility, or streamlining data analytics.

Add-On Functionality

  • The add-on should properly structure and format incoming data for indexing, searching, and analysis in Splunk.

  • The add-on should include useful event extractions, field aliases, tags, lookups, or CIM (Common Information Model) compliance to improve searchability and usability.

  • The add-on should offer an intuitive and well-structured interface, making it easy for users to interact with and extract value from the data.

Deployment / Compatibility

  • The add-on must be installable on SCDE.

  • The add-on should be properly packaged as a Splunk Technology Add-On (TA).

  • Follow Splunk AppInspect guidelines.

Code Submission

  • The add-on’s source code must be submitted via a GitHub, GitLab, or similar source repository. It can be public or private, but private repositories must grant access to judges for evaluation.

  • The submission must include a README file with the following:

    • Setup instructions

    • Usage details

    • Any dependencies / prerequisites required to run the add-on (Optional)

  • Participants must provide clear instructions on how to test the add-on, including:

    • API endpoints used for data ingestion (if applicable)

    • Sample test cases or data

    • Screenshots/logs demonstrating successful integration with Splunk

  • Code should be well-structured, commented, and easy to understand, ensuring maintainability and ease of review by judges.

Documentation

  • Participants must submit a brief document (1 page maximum) or a demo video (5 minutes maximum) covering the following:

    • A clear explanation of the problem the add-on solves and how it benefits users.

    • Define the primary users of the add-on (e.g., Splunk admins, security analysts, IT operations teams, etc.).

    • Describe how the add-on interacts with Splunk, including data ingestion, processing, or automation features.

    • A short demo video showcasing the add-on’s functionality, key features, and how users can interact with it. (Optional)

    • Provide a brief technical overview in written form or as a diagram, outlining key components, workflows, and integrations. (Optional)
