Getting Data In

How do I automatically package an App with some best practices applied? I am using OS X.

jdonn_splunk
Splunk Employee

I want to automate App creation, but I have a .git folder that does not meet Splunk requirements. Do you have a script that I can use to automatically apply some best practices? I am using OS X.

0 Karma
1 Solution

jdonn_splunk
Splunk Employee

Adjust this script to your liking. Please post any solutions for other OSs below.

#!/bin/bash

### SPLUNK_HOME
SPLUNK_HOME="/opt/splunk"
desktop="/Users/jdonn/Desktop/scripts"
permissions="jdonn:staff"

### Collect and test for App name (exit non-zero on usage errors)
if [ "$#" -eq 0 ]; then
  echo "Please state the name of the App"
  exit 1
elif [ "$#" -gt 1 ]; then
  echo "Just ONE App at a time"
  exit 1
else
  echo "on we go"
  app="$1"
  echo "App = $app"
fi

### Move .git out of the App dir
mv "$SPLUNK_HOME/etc/apps/$app/.git" /tmp/.

### Remove READMEs and metadata
rm -f "$SPLUNK_HOME/etc/apps/$app/metadata/local.meta"
rm -f "$SPLUNK_HOME/etc/apps/$app/bin/README"
rm -f "$SPLUNK_HOME/etc/apps/$app/default/data/ui/views/README"

### Remove the backup lookup file dir created by the lookup editor
### (-r is required because this is a directory)
rm -rf "$SPLUNK_HOME/etc/apps/$app/lookups/lookup_file_backups/"

### Ensure permissions are correct
chmod -R 644 "$SPLUNK_HOME/etc/apps/$app"/*
chmod -R 744 "$SPLUNK_HOME/etc/apps/$app"/bin/*

### Package App
"$SPLUNK_HOME/bin/splunk" package app "$app"

### Move the file to the desktop, rename it and fix permissions
mv "$SPLUNK_HOME/etc/system/static/app-packages/$app.spl" "$desktop/."
mv "$desktop/$app.spl" "$desktop/$app.tar.gz"
chown "$permissions" "$desktop/$app.tar.gz"

### Move .git back into the App
mv /tmp/.git "$SPLUNK_HOME/etc/apps/$app/.git"

### Run App inspect
splunk-appinspect inspect "$desktop/$app.tar.gz" --mode precert --included-tags splunk_appinspect --included-tags cloud
### Cloud only - add switch
# splunk-appinspect inspect "$desktop/$app.tar.gz" --mode precert --included-tags cloud

exit 0


czervos
Explorer

Attempting this in the directory where the app is being developed did not work for me because the

chmod -R 644 $SPLUNK_HOME/etc/apps/$app/*

removes the x bit from all directories under the app folder.

As a result, the app no longer runs. In addition, the subsequent recommended

chmod -R 744 $SPLUNK_HOME/etc/apps/$app/bin/*

to add the +x bit back to the files in the bin directory also fails since the bin directory no longer has the x bit set.

As you can see:

chmod: $SPLUNK_HOME/etc/apps/$app/bin/README: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/bin/_DEBUG.sh: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/bin/delete.py: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/bin/package_app.sh: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/iRobotHBU/bin/utils: Permission denied

0 Karma
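
An added example, not part of either post: one way to normalise permissions without stripping the x bit from directories, which is the failure described in the reply above. The function names, the demo tree and the 755 directory mode are assumptions; the 644 and 744 file modes are the ones the original script intended.

```shell
#!/bin/bash
# Added example: set directory and file modes separately so directories stay
# traversable. Function names and the demo tree are hypothetical.

normalize_app_perms() {
  local app_dir="$1"
  [ -d "$app_dir" ] || { echo "not a directory: $app_dir" >&2; return 1; }

  # Directories first, one chmod per directory (\; not +): find applies the
  # mode before descending, so a tree already broken by "chmod -R 644" heals.
  find "$app_dir" -type d -exec chmod 755 {} \; || return 1
  # Regular files: owner read/write, everyone else read-only.
  find "$app_dir" -type f -exec chmod 644 {} + || return 1
  # Files under bin/ (at any depth) get the owner execute bit back.
  if [ -d "$app_dir/bin" ]; then
    find "$app_dir/bin" -type f -exec chmod 744 {} + || return 1
  fi
}

# Portable mode lookup: GNU stat uses -c, BSD/macOS stat uses -f.
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Constructed demo tree that first reproduces the reported failure.
demo() {
  local tmp app
  tmp="$(mktemp -d)" || return 1
  app="$tmp/myapp"
  mkdir -p "$app/bin/utils" "$app/default"
  touch "$app/bin/delete.py" "$app/bin/utils/helper.py" "$app/default/app.conf"
  # The original script's step: leaves bin/ and default/ without the x bit.
  chmod -R 644 "$app"/* 2>/dev/null || true
  normalize_app_perms "$app" || return 1
  echo "$(mode_of "$app/bin") $(mode_of "$app/bin/utils")" \
       "$(mode_of "$app/bin/delete.py") $(mode_of "$app/bin/utils/helper.py")" \
       "$(mode_of "$app/default/app.conf")"
  rm -rf "$tmp"
}

# Run "script --demo" to print the resulting modes for the constructed tree.
if [ "${1:-}" = "--demo" ]; then demo; fi
```

In the packaging script, a call such as `normalize_app_perms "$SPLUNK_HOME/etc/apps/$app"` would take the place of the two `chmod -R` lines.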
