Getting Data In

How do I automatically package an App with some best practices applied? I am using OS X.

Splunk Employee
Splunk Employee

I want to automate App creation, but I have a .git folder that does not meet Splunk requirements. Do you have a script that I can use to automatically apply some best practices? I am using OS X.

0 Karma
1 Solution

Splunk Employee
Splunk Employee

Adjust this script to your liking. Please post any solutions for other OSs below.

#!/bin/bash

### SPLUNK_HOME
SPLUNK_HOME="/opt/splunk"
desktop="/Users/jdonn/Desktop/scripts"
permissions="jdonn:staff"

### Collect and test for App name
if [ "$#" -eq 0 ];then
  echo "Please state the name of the App"
  exit 0
elif [ "$#" -gt 1 ];then
  echo "Just ONE App at a time"
  exit 0
    else
      echo "on we go" 
      app=$BASH_ARGV
      echo "App = $app"
    fi

### Move .git out of the App dir
mv $SPLUNK_HOME/etc/apps/$app/.git /tmp/.

### Remove READMEs and metadata
rm -f $SPLUNK_HOME/etc/apps/$app/metadata/local.meta
rm -f $SPLUNK_HOME/etc/apps/$app/bin/README
rm -f $SPLUNK_HOME/etc/apps/$app/default/data/ui/views/README

### Remove the backup lookup file dir created by the lookup editor
rm -f $SPLUNK_HOME/etc/apps/$app/lookups/lookup_file_backups/

### Ensure permissions are correct
chmod -R 644 $SPLUNK_HOME/etc/apps/$app/*
chmod -R 744 $SPLUNK_HOME/etc/apps/$app/bin/*

### Package App
$SPLUNK_HOME/bin/splunk package app $app

### Mave .git back into the App
mv $SPLUNK_HOME/etc/system/static/app-packages/$app.spl $desktop/.
mv $app.spl $app.tar.gz
chown $permissions $app.tar.gz

### Move the file to the desktop, rename it and fix permissions
mv /tmp/.git $SPLUNK_HOME/etc/apps/$app/.git

### Run App inspect
splunk-appinspect inspect $app.tar.gz --mode precert --included-tags splunk_appinspect --included-tags cloud
### Cloud only - add switch
# splunk-appinspect inspect $app.tar.gz --mode precert --included-tags cloud

exit 0

View solution in original post

Explorer

Attempting this in the directory where the app is being developed did not work for me because the

chmod -R 644 $SPLUNK_HOME/etc/apps/$app/*

removes the x bit from all directories under the app folder

As a result the app no longer runs. In addition the subsequent recommended

chmod -R 744 $SPLUNK_HOME/etc/apps/$app/bin/*

to add the +x bit back to the files in the bin directory also fails since the bin directory no longer has the x bit set.

As you can see

chmod: $SPLUNK_HOME/etc/apps/$app/bin/README: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/bin/_DEBUG.sh: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/bin/delete.py: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/bin/package_app.sh: Permission denied
chmod: $SPLUNK_HOME/etc/apps/$app/iRobotHBU/bin/utils: Permission denied

0 Karma

Splunk Employee
Splunk Employee

Adjust this script to your liking. Please post any solutions for other OSs below.

#!/bin/bash

### SPLUNK_HOME
SPLUNK_HOME="/opt/splunk"
desktop="/Users/jdonn/Desktop/scripts"
permissions="jdonn:staff"

### Collect and test for App name
if [ "$#" -eq 0 ];then
  echo "Please state the name of the App"
  exit 0
elif [ "$#" -gt 1 ];then
  echo "Just ONE App at a time"
  exit 0
    else
      echo "on we go" 
      app=$BASH_ARGV
      echo "App = $app"
    fi

### Move .git out of the App dir
mv $SPLUNK_HOME/etc/apps/$app/.git /tmp/.

### Remove READMEs and metadata
rm -f $SPLUNK_HOME/etc/apps/$app/metadata/local.meta
rm -f $SPLUNK_HOME/etc/apps/$app/bin/README
rm -f $SPLUNK_HOME/etc/apps/$app/default/data/ui/views/README

### Remove the backup lookup file dir created by the lookup editor
rm -f $SPLUNK_HOME/etc/apps/$app/lookups/lookup_file_backups/

### Ensure permissions are correct
chmod -R 644 $SPLUNK_HOME/etc/apps/$app/*
chmod -R 744 $SPLUNK_HOME/etc/apps/$app/bin/*

### Package App
$SPLUNK_HOME/bin/splunk package app $app

### Mave .git back into the App
mv $SPLUNK_HOME/etc/system/static/app-packages/$app.spl $desktop/.
mv $app.spl $app.tar.gz
chown $permissions $app.tar.gz

### Move the file to the desktop, rename it and fix permissions
mv /tmp/.git $SPLUNK_HOME/etc/apps/$app/.git

### Run App inspect
splunk-appinspect inspect $app.tar.gz --mode precert --included-tags splunk_appinspect --included-tags cloud
### Cloud only - add switch
# splunk-appinspect inspect $app.tar.gz --mode precert --included-tags cloud

exit 0

View solution in original post

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!