Splunk Concise Tutorial

Splunk - Apps

A Splunk app is an extension of Splunk functionality that has its own built-in UI context to serve a specific need. Splunk apps are made up of different Splunk knowledge objects (lookups, tags, event types, saved searches, etc.). Apps can themselves use other apps or add-ons. Splunk can run any number of apps simultaneously.

When you log in to Splunk, you land on an app, typically the Splunk Search app. So almost every time you are inside the Splunk interface, you are using an app.

Listing Splunk Apps

We can list the apps available in Splunk with the option Apps → Manage Apps. Choosing this option brings up the following screen, which lists the existing apps available in the Splunk interface.

[Screenshot: Manage Apps screen listing the existing apps]

Following are the important values associated with Splunk apps −

  1. Name − It is the name of the app and is unique for each app.

  2. Folder name − It is the name to use for the directory in $SPLUNK_HOME/etc/apps/. The name of the folder cannot contain the "dot" (.) character.

  3. Version − It is the app version string.

  4. Visible − Indicates whether the app should be visible in Splunk Web. Apps that contain a user interface should be visible.

  5. Sharing − It is the level of permissions (read or write) given to different Splunk users for that specific app.

  6. Status − It is the current availability status of the app. It may be enabled or disabled for use.

App Permissions

Setting the permissions for using an app properly is important. We can restrict the app to a single user or allow multiple users, including all users. The screen below, which appears after clicking the Permissions link in the app listing above, is used to modify the access given to different roles.

[Screenshot: app permissions screen with Read and Write check boxes per role]

By default, the Read and Write options are checked for Everyone. We can change that by going to each role and selecting the appropriate permissions for that specific role.
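The role check boxes described above are stored on disk in each app's metadata/default.meta and metadata/local.meta files under $SPLUNK_HOME/etc/apps/. The following Python script is an added example, not part of the original tutorial: it flags apps whose stanzas still grant write to every role (`*`). The function names and sample text are constructed for illustration, and stanzas without their own access line (which inherit from the app-level `[]` stanza) are not expanded.

```python
import re
from pathlib import Path

ACCESS_RE = re.compile(r"(read|write)\s*:\s*\[([^\]]*)\]")

def parse_meta(text):
    """Return {stanza: {"read": [...], "write": [...]}} from .meta file text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]              # "" is the app-level stanza []
            stanzas.setdefault(current, {})
        elif current is not None and re.match(r"access\s*=", line):
            for perm, roles in ACCESS_RE.findall(line):
                stanzas[current][perm] = [r.strip() for r in roles.split(",") if r.strip()]
    return stanzas

def effective_access(default_text, local_text=""):
    """A local.meta access line replaces the default.meta one for the same stanza."""
    merged = parse_meta(default_text)
    for stanza, perms in parse_meta(local_text).items():
        if perms:
            merged[stanza] = perms
    return merged

def world_writable(access):
    """Stanzas whose write list contains '*' (Everyone)."""
    return sorted(s for s, p in access.items() if "*" in p.get("write", []))

def audit_apps(apps_dir):
    """Map app folder name -> world-writable stanzas for every app under apps_dir."""
    report = {}
    for meta_dir in sorted(Path(apps_dir).glob("*/metadata")):
        texts = [(meta_dir / n).read_text() if (meta_dir / n).is_file() else ""
                 for n in ("default.meta", "local.meta")]
        hits = world_writable(effective_access(*texts))
        if hits:
            report[meta_dir.parent.name] = hits
    return report

# Constructed sample input, not taken from a real deployment.
SAMPLE_DEFAULT = ("[]\naccess = read : [ * ], write : [ * ]\n"
                  "[savedsearches]\naccess = read : [ * ], write : [ admin, power ]\n")
SAMPLE_LOCAL = "[]\naccess = read : [ * ], write : [ admin ]\n"

if __name__ == "__main__":
    print(world_writable(effective_access(SAMPLE_DEFAULT)))
    print(world_writable(effective_access(SAMPLE_DEFAULT, SAMPLE_LOCAL)))
```

Point `audit_apps` at the apps directory of a Splunk installation to get a per-app list of stanzas that any role can modify.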

App Marketplace

Splunk search functionality is used for a wide variety of needs. As a result, a Splunk app marketplace has come into existence, showcasing many different apps created by individuals and organizations. They are available in both free and paid versions. We can browse those apps by choosing the option Apps → Manage Apps → Browse More Apps. The screen below comes up.

[Screenshot: Browse More Apps screen]

As you can see, the app name appears along with a brief description of the app's functionality. This helps you decide which app to use. Also note how the apps are categorized in the left bar to help you choose the type of app faster.