I want to automate installing an app in a Splunk instance, and in trying that (which I did not get working), I came across this:
I created a local Docker Splunk instance by running:
docker run -d \
    -p 8000:8000 \
    -p 8089:8089 \
    -p 8088:8088 \
    -p 8191:8191 \
    -p 9887:9887 \
    -e "SPLUNK_START_ARGS=--accept-license" \
    -e "SPLUNK_PASSWORD=PaSSWorD_FoR_SpLuNk" \
    --name splunk \
    splunk/splunk:latest
First, I got my SplunkBase token:
curl -k -XPOST https://splunkbase.splunk.com/api/account:login/ -d 'username=andycensys&password=MyPassword'
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Authentication Token</title>
  <updated>2020-06-21T15:35:36.625401+00:00</updated>
  <id>MyToken</id>
</feed>
Having that, I then tried to have my Splunk instance install the Censys app:
curl -k -XPOST \
    -u admin:PaSSWorD_FoR_SpLuNk \
    https://localhost:8089/services/apps/local/ \
    -d name=censys \
    -d filename=false \
    -d auth=MyToken \
    -d update=true
That creates an app called "censys" but does not install the app.
Opening the http://localhost:8000/en-US/manager/launcher/apps/local page to list the apps, the entry for the "censys" app indicates that it knows there is a new version available. It looks like:
Name   | Folder name | Version                     | Update checking
censys | censys      | 1.0.0 Overwrite with 1.0.18 | Yes
That looks promising, sort of. However, clicking on the "Overwrite" link doesn't work.
In web_service.log:
2020-06-21 15:55:45,082 INFO [5eef8301147f1cc8112210] error:321 - Masking the original 404 message: 'The path '/en-US/manager/appinstall/' was not found.' with 'Page not found!' for security reasons
That makes me think that upgrades won't work in general, not just my attempt to install an app from the store.