Re: How to package custom app in Default splunk pa...

ayush1906 · ‎02-04-2020

Hi folks,

I have a requirement to add custom app in the default splunk executable.

Currently, we are having splunk .tar setup after which we untar it to install and when splunk service starts we place our custom application in the "etc/apps" folder.

I was thinking is it possible that if I untar the setup file, place my app in the "etc/apps" folder and again zip it. following which I give it for deployment so that it's a one-step.

Is it possible or would it result in some hash mismatch since the original setup is getting tempered with?

nickhills · ‎02-05-2020

Is this Splunk Core or Universal Forwarder?
I cant help but think this is not the correct approach, is there a specific reason you can not use a deployment server?

If my comment helps, please give it a thumbs up!

ayush1906 · ‎05-21-2020

hi nick, we were planning on modifying splunk core package, but we have dropped that plan due to too many unknowns.

ayush1906 · ‎02-05-2020

splunk enterprise on a Linux server. this installation will act as a search head

nickhills · ‎02-05-2020

Why cant you use a deployment server?

You can script your install process to automatically add the host to a DS on install, and then use the DS to automatically deploy your custom application. By far and away, this is the better approach.

In my opinion, it is not a sensible choice to "repack" the Splunk provided install with custom code, unless you have a specific use case where alternatives are not available.

If my comment helps, please give it a thumbs up!

How to package custom app in Default splunk package / executable?

other

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...