Since its release in 2016 Visual Studio Code has established itself as a firm favourite with developers. In the 2019 StackOverflow Developers survey, Visual Studio Code was voted the most popular Development Environment.

Visual Studio Code is a code editor with syntax highlighting, debugging and GIT integration. It is made by Microsoft and runs on Mac, Linux and Windows. It’s also Open Source. Crucially it also supports extensions and in January 2020 an extension for Splunk was released. The extension provides:

  • syntax highlighting + more for .conf files
  • ability to run Splunk searches / reports
  • python code debugging features such as breakpoints, step over / step into, variable inspection


Running on a Mac I wanted to install Visual Studio Code and the Splunk Extension, then setup editing of config files on Linux instances running in VMs local to my Mac. Here’s the steps:

  • Download and install Visual Studio Code
    • Visual Studio Code downloads as a zip file and once decompressed there is an executable, not a dmg so it’s not an installer. I just moved the “Visual Studio Code” executable into the Applications folder
  • From the launch screen, look at the Customize section, in Tools and Languages click more
  • A list of all the available extensions appears and you can simply add the term “splunk” to the existing search filter
  • There were five options available with “Splunk Extension” with an author of “Splunk” being the one we are looking for
  • Click on “Splunk Extensions” then Install
  • Once installed there was a notification that selecting a Python Interpreter was required – I had a few options available but chose the /usr/local/bin/python3 option

Connect to Splunk Server

To connect to a remote server via SSH another extension is required, from within Visual Studio Code:

  • Click on the extensions icon on the left hand side
  • search for and install “Remote – SSH”
  • In the bottom left there is now a green icon that allows access to the Remote – SSH command
  • You can then go ahead and setup connections to your splunk server – you will want to connect as the user that owns the config files (usually splunk) and you do this using username / password or ssh keys
  • Opening a file is then straightforward and you can navigate through the file system to find the file you want to edit


Visual Studio Code
Visual Studio Code Splunk Extension

For 2021 we’ve committed to posting a new Splunk tip every week!

If you want to keep up to date on tips like the one above then sign up below:

Subscribe to our newsletter to receive regular updates from iDelta, including news and updates, information on upcoming events, and Splunk tips and tricks from our team of experts. You can also find us on Twitter and LinkedIn.


* indicates required
Posted by:Stuart Robertson

Stuart Robertson is the Consulting Director at iDelta. He is one of the initial founders of iDelta and has worked there since formation in 2001. Stuart holds various certifications in Core Splunk and ITSI. Stuart also holds a Bsc(Hons) in Computing Science from the University of Glasgow.