All Apps and Add-ons

Splunk Security Essentials 3.7.0 a SPL and not a TGZ?


I noticed that when I downloaded the newest verison of Splunk Security Essentials 3.7.0, it is a SPL and not a TGZ like all of the other splunk apps are. We have it programmed when uploading this zipped file to take in TGZ and not SPL. Do I need to zip this as a TGZ? What's up with that?


Labels (2)
0 Karma


From a Splunk-perspective, a file with a .spl extension is actually just a .tgz that has been renamed to indicate that the archive contains a Splunk add-on.

You don't need to do anything special with .spl files; they are supported in Splunk and you should be able to open them with common archiving programs.

0 Karma

Splunk Employee
Splunk Employee

It's still a tgz file; you can rename it from *.spl to *.tgz and use it directly.

0 Karma
Get Updates on the Splunk Community!

Streamline Data Ingestion With Deployment Server Essentials

REGISTER NOW!Every day the list of sources Admins are responsible for gets bigger and bigger, often making the ...

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

REGISTER NOW!Join us for a Tech Talk around our latest release of Splunk Enterprise Security 7.2! We’ll walk ...

Introduction to Splunk AI

WATCH NOWHow are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. ...