All Apps and Add-ons

commands against localhost?

dominiquevocat
SplunkTrust
SplunkTrust

I saw the app and like the concept - that said i am curious, can you run commands against the local machine? and if so how did you pass appinspect since i have several times tried to publish my minimal shell with some scripting and failed publishing each time even after rewriting it in pure python 🙂

Tags (1)
0 Karma
1 Solution

jeffrey_berry
Path Finder

Yes...the "CLI Auto for Splunk" app can be configured by adding a Command Type (a set CLI commands added to the cliauto_cmds.conf file) or using the Custom Command Type (adhoc CLI commands) to run CLI commands against the local machine assuming that a ssh server is active on the machine. Also, I assuming that you referring to the Splunk server hosting the "CLI Auto for Splunk" app as the "local machine". However, it should be highlighted that the "CLI Auto for Splunk" has no hard coded host names/hard code ip addresses (e.g. localhost, 127.0.0.1) or a default node list with the installation files. The user of the app must supply a node list (i.e. host name/ip address list) and proper credentials for the local machine.

To assist with the "failed publishing" and not able to "pass appInspect" issues of your app, more details may be helpful.

  • Are you getting an error upon uploading your app to splunkbase? If so, please share the error message.
  • If you have successfully uploaded your app to splunkbase, are you able to see the "APPINSPECT STATUS" column in splunkbase (see attached screenshot). The "Details" should provide you the info for inspection failure.

alt text

If splunkbase is not publishing the app (i.e. not allowing other users to see the app on splunkbase) after you scheduled it to be published (I do not recall to details to schedule it for publishing), you may wait a few days for the splunkbase team to approve your app. The automated email from splunkbase that I received for my app stated that it takes about 3 business days for approval. Based on my experience, the splunkbase team does not send an email confirming approval/disapproval for the app or provide a status of approval within your account on splunkbase. You may need to contact the splunkbase team if the app is not published in a few days after scheduling it.

As a possible alternative if the "CLI Auto for Splunk" does not meet your use case(s), the "Web Terminal for Splunk" app may be helpful to you since it sounds like your app connects to the Splunk server).

View solution in original post

0 Karma

jeffrey_berry
Path Finder

Yes...the "CLI Auto for Splunk" app can be configured by adding a Command Type (a set CLI commands added to the cliauto_cmds.conf file) or using the Custom Command Type (adhoc CLI commands) to run CLI commands against the local machine assuming that a ssh server is active on the machine. Also, I assuming that you referring to the Splunk server hosting the "CLI Auto for Splunk" app as the "local machine". However, it should be highlighted that the "CLI Auto for Splunk" has no hard coded host names/hard code ip addresses (e.g. localhost, 127.0.0.1) or a default node list with the installation files. The user of the app must supply a node list (i.e. host name/ip address list) and proper credentials for the local machine.

To assist with the "failed publishing" and not able to "pass appInspect" issues of your app, more details may be helpful.

  • Are you getting an error upon uploading your app to splunkbase? If so, please share the error message.
  • If you have successfully uploaded your app to splunkbase, are you able to see the "APPINSPECT STATUS" column in splunkbase (see attached screenshot). The "Details" should provide you the info for inspection failure.

alt text

If splunkbase is not publishing the app (i.e. not allowing other users to see the app on splunkbase) after you scheduled it to be published (I do not recall to details to schedule it for publishing), you may wait a few days for the splunkbase team to approve your app. The automated email from splunkbase that I received for my app stated that it takes about 3 business days for approval. Based on my experience, the splunkbase team does not send an email confirming approval/disapproval for the app or provide a status of approval within your account on splunkbase. You may need to contact the splunkbase team if the app is not published in a few days after scheduling it.

As a possible alternative if the "CLI Auto for Splunk" does not meet your use case(s), the "Web Terminal for Splunk" app may be helpful to you since it sounds like your app connects to the Splunk server).

0 Karma

dominiquevocat
SplunkTrust
SplunkTrust

thanks, i am aware of the webterminal - that is what i modified heavily to add a minimal bash like shell with some scripting abilities - you can check it out at https://github.com/dominiquevocat/minishell

0 Karma
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...