Getting Data In

How do I automatically package an App with some best practices applied? I am using OS X.

jdonn_splunk
Splunk Employee

I want to automate App creation, but I have a .git folder that does not meet Splunk requirements. Do you have a script that I can use to automatically apply some best practices? I am using OS X.

0 Karma
1 Solution

jdonn_splunk
Splunk Employee

Adjust this script to your liking. Please post any solutions for other OSs below.

#!/bin/bash

### SPLUNK_HOME, output directory and owner of the finished package
SPLUNK_HOME="/opt/splunk"
desktop="/Users/jdonn/Desktop/scripts"
permissions="jdonn:staff"

### Collect and test for App name
if [ "$#" -eq 0 ]; then
  echo "Please state the name of the App"
  exit 1
elif [ "$#" -gt 1 ]; then
  echo "Just ONE App at a time"
  exit 1
else
  echo "on we go"
  app="$1"
  echo "App = $app"
fi

### Stop if the App directory does not exist
if [ ! -d "$SPLUNK_HOME/etc/apps/$app" ]; then
  echo "No such App: $SPLUNK_HOME/etc/apps/$app"
  exit 1
fi

### Move .git out of the App dir, into a private temp dir
git_tmp="$(mktemp -d /tmp/app-git.XXXXXX)"
if [ -d "$SPLUNK_HOME/etc/apps/$app/.git" ]; then
  mv "$SPLUNK_HOME/etc/apps/$app/.git" "$git_tmp/.git"
fi

### Remove READMEs and metadata
rm -f "$SPLUNK_HOME/etc/apps/$app/metadata/local.meta"
rm -f "$SPLUNK_HOME/etc/apps/$app/bin/README"
rm -f "$SPLUNK_HOME/etc/apps/$app/default/data/ui/views/README"

### Remove the backup lookup file dir created by the lookup editor
### (it is a directory, so rm needs -r)
rm -rf "$SPLUNK_HOME/etc/apps/$app/lookups/lookup_file_backups/"

### Ensure permissions are correct
### (-R applies the mode to directories as well as files)
chmod -R 644 $SPLUNK_HOME/etc/apps/$app/*
chmod -R 744 $SPLUNK_HOME/etc/apps/$app/bin/*

### Package App
"$SPLUNK_HOME/bin/splunk" package app "$app"

### Move the file to the desktop, rename it and fix permissions
mv "$SPLUNK_HOME/etc/system/static/app-packages/$app.spl" "$desktop/$app.tar.gz"
chown "$permissions" "$desktop/$app.tar.gz"

### Move .git back into the App
if [ -d "$git_tmp/.git" ]; then
  mv "$git_tmp/.git" "$SPLUNK_HOME/etc/apps/$app/.git"
fi
rmdir "$git_tmp"

### Run App inspect
splunk-appinspect inspect "$desktop/$app.tar.gz" --mode precert --included-tags splunk_appinspect --included-tags cloud
### Cloud only - add switch
# splunk-appinspect inspect "$desktop/$app.tar.gz" --mode precert --included-tags cloud

exit 0


czervos
Explorer

Attempting this in the directory where the app is being developed did not work for me because the

chmod -R 644 $SPLUNK_HOME/etc/apps/$app/*

removes the x bit from all directories under the app folder.

As a result, the app no longer runs. In addition, the subsequent recommended

chmod -R 744 $SPLUNK_HOME/etc/apps/$app/bin/*

to add the +x bit back to the files in the bin directory also fails since the bin directory no longer has the x bit set.

As you can see:

chmod: $SPLUNK_HOME/etc/apps/$app/bin/README: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/bin/_DEBUG.sh: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/bin/delete.py: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/bin/package_app.sh: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/iRobotHBU/bin/utils: Permission denied

0 Karma
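An added example, not part of either post above: one way to reach the modes the script is aiming for without stripping the execute bit from directories, which is the failure described in the reply. The function names, the sample tree (`demo_app`) and the 755 directory mode are assumptions; 644 and 744 are the modes used in the script.

```shell
#!/bin/sh
# Added example: permission normalisation that keeps directories traversable.
# DIR_MODE is an assumption; FILE_MODE and BIN_MODE are the modes in the script.
DIR_MODE=755
FILE_MODE=644
BIN_MODE=744

# Print the octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Set modes by file type instead of using one recursive chmod.
fix_app_perms() {
  app_dir="$1"
  [ -d "$app_dir" ] || { echo "not a directory: $app_dir" >&2; return 1; }
  # Directories first, one chmod per directory (\;) so that each directory is
  # searchable again before find descends into it. .git is left untouched.
  find "$app_dir" -name .git -prune -o -type d -exec chmod "$DIR_MODE" {} \;
  # Regular files: readable, not executable.
  find "$app_dir" -name .git -prune -o -type f -exec chmod "$FILE_MODE" {} +
  # Files under bin/ get the owner execute bit back.
  if [ -d "$app_dir/bin" ]; then
    find "$app_dir/bin" -type f -exec chmod "$BIN_MODE" {} +
  fi
}

# Constructed sample tree (hypothetical app "demo_app"); prints its path.
make_sample_app() {
  root="$(mktemp -d "${TMPDIR:-/tmp}/appperm.XXXXXX")" || return 1
  app="$root/demo_app"
  mkdir -p "$app/bin/utils" "$app/default/data/ui/views" "$app/lookups"
  printf '#!/bin/sh\necho ok\n' > "$app/bin/delete.sh"
  printf '#!/bin/sh\necho ok\n' > "$app/bin/utils/helper.sh"
  printf '[ui]\nis_visible = 1\n' > "$app/default/app.conf"
  printf 'a,b\n1,2\n' > "$app/lookups/sample.csv"
  echo "$app"
}

# Usage: sh fix_perms.sh /path/to/app
if [ "$#" -eq 1 ]; then
  fix_app_perms "$1"
fi
```

Because directories are handled before files and one at a time, the function also repairs a tree that has already been hit by the recursive `chmod -R 644`.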
