All Apps and Add-ons

Splunk App Packaging: How to package Splunk app with eventgen/ and other directories?

pdaigle_splunk
Splunk Employee
Splunk Employee

I've built an app that must use the Splunk eventgen from github as well as the custom eventgen directory I created to house my event.conf and sample file that the eventgen uses. I've tried to tar my app with both the eventgen/ and internal_eventgen/ directories so that they all get installed with the app package, but when I test my .spl file I get an error in Splunk saying "There was an error processing the upload."

Can I do this? If yes, how do I get around this error? Any advice so that the eventgen and related/required eventgen configuration can be included with my .spl package would greatly be appreciated.

TYIA!
Paul

0 Karma
1 Solution

jconger
Splunk Employee
Splunk Employee

Your packaged application should only contain your eventgen.conf file and you samples referenced in this file. Here is an example directory structure:

$SPLUNK_HOME/
  etc/
      apps/
          YOUR_APP/
              default/
                  eventgen.conf
              samples/
                  sample_files

Take a look at the Cisco ASA add-on for a good example.

If someone wants to generate events based off or your eventgen.conf file and samples, they will need to install the eventgen app onto their Splunk instance.

View solution in original post

jconger
Splunk Employee
Splunk Employee

Your packaged application should only contain your eventgen.conf file and you samples referenced in this file. Here is an example directory structure:

$SPLUNK_HOME/
  etc/
      apps/
          YOUR_APP/
              default/
                  eventgen.conf
              samples/
                  sample_files

Take a look at the Cisco ASA add-on for a good example.

If someone wants to generate events based off or your eventgen.conf file and samples, they will need to install the eventgen app onto their Splunk instance.

pdaigle_splunk
Splunk Employee
Splunk Employee

So though I can ta/gzip the package with the eventgen stuff, Splunk's app management/installation will not allow me to include all the directory and files associated with eventgen/? I'd really like to have this so that a customer could install it in one shot like that......

0 Karma

jconger
Splunk Employee
Splunk Employee

The GUI installation feature of Splunk is meant to install a single app. It sounds like you are trying to package 2 apps together (your application and the eventgen application). This won't work in the Splunk web GUI. But, you can have your customer uncompress your 2 applications together in $SPLUNK_HOME/etc/apps outside of the GUI. The directory structure should like like this in the end:

$SPLUNK_HOME/
  etc/
    apps/
       YOUR_APP/
       SA-Eventgen/
0 Karma

pdaigle_splunk
Splunk Employee
Splunk Employee

Yes, that's exactly what I was trying to do. But I think since we now have the Eventgen on splunkbase.splunk.com (or at least a reference so that people can go download it and use it) I'll do what you recommended and just keep the eventgen/ separate. I just did a test run of the app I'm creating with the eventgen.conf and samples/ directory in my app and then installed the eventgen via the Splunk web gui and it worked fine. Yes, its another step for people, but it keeps the package clean and plus, I do want to upload this one to splunkbase.splunk.com.

Thanks Jason!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...