Getting started

Install the UCC framework and start building your first add-on. Then you can build new add-ons from the existing ones.

Prerequisites

Make sure that the following software is installed on your machine:

  • Python 3.7 or later
  • Git

Note: Git is used to generate the add-on version from the Git tags. Alternatively, you can use the --ta-version parameter to specify the version yourself.

Install

Create and activate the virtual environment

Depending on which operating system you use, follow one of the procedures:

Windows

Set up the Python virtual environment:

python3 -m venv .venv

If you use cmd.exe, activate the virtual environment with the following command:

.venv\Scripts\activate.bat

If you use PowerShell, activate the virtual environment with the following command:

.venv\Scripts\activate.ps1

macOS, Linux

Set up and activate the Python virtual environment:

python3 -m venv .venv
source .venv/bin/activate

Install UCC package

Install the UCC package. It is available on PyPI; see https://pypi.org/project/splunk-add-on-ucc-framework/.

pip install splunk-add-on-ucc-framework

Create a new add-on

Initialize a new add-on

ucc-gen init --addon-name "demo_addon_for_splunk" --addon-display-name "Demo Add-on for Splunk" --addon-input-name demo_input

For more information about the add-on naming conventions, see Naming conventions for apps and add-ons in Splunkbase.

The new add-on is located in the demo_addon_for_splunk folder.

Build the add-on

ucc-gen build --source demo_addon_for_splunk/package 

Package the add-on

ucc-gen package --path output/<add-on-name>

The archive is created on the same level as your globalConfig.json file.

For more information regarding commands, see Commands.

Install the add-on

Go to your Splunk app instance and install this add-on using the generated archive.

After you check that the add-on was loaded correctly and all the basic operations are working, you can extend the functionality of the input by copying and pasting the automatically generated modular inputs file into the package/bin folder. The generated inputs use the Splunk SDK for Python. See https://github.com/splunk/splunk-sdk-python.

After you update the modular input code, you can run ucc-gen again, and then ucc-gen uses updated modular inputs from package/bin instead of generating new ones.