Skip to content

Overview

splunk-add-on-ucc-framework is a framework to generate UI-based Splunk add-ons. It includes UI, REST handlers, Modular inputs, OAuth and Alert action templates.

Only add-ons that use Python 3 are supported.

It is available as a GitHub action here: https://github.com/splunk/addonfactory-ucc-generator-action

You can use Splunk Extension for VSCode as well.

What is UCC?

UCC stands for Universal Configuration Console. The purpose of having a framework for add-on generation is to simplify the process of add-on creation for developers. UCC 5 uses SplunkUI, which is a new UI framework based on React. The UCC UI repository can be found in the ui folder.

UCC-based add-ons are being powered by Splunk libraries: solnlib and splunktaucclib. More information here.

Features

The splunk-add-on-ucc-framework:

  • generates UI (appserver folder).
  • generates Python REST handlers to support UI CRUD operations (bin folder).
  • generates OpenAPI description documents (appserver/static/openapi.json file) (for more information, see here).
  • generates .conf files (more information, see here).
  • installs Python requirements (lib folder).
  • generate metadata files (metadata folder).
  • generates the monitoring dashboard (for more information, see here).
  • it possibly extends the UI with custom codes (for more information, see here).
  • it possibly extends the build process via a additional_packaging.py file (more information, here).
  • generates the necessary files defined for the Alert Action, if defined in globalConfig (for more informaiton, see here).

Installation

splunk-add-on-ucc-framework is available on PyPI.

Caveats

  • Some specific Python libraries (such as google-cloud-bigquery) use .so files to operate. pip will install OS-specific versions of those .so files, which makes it impossible to use such add-ons on a Windows machine since it was built for macOS.