Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to install a remote app into a Splunk Search Head using REST API?

sibiv196
New Member
‎06-04-2023 02:59 AM

I need to write a python script to install an app/add-on to the remote Splunk search head.

The app file ".spl" and ".tgz" is in the server which hosts my python script.

As far as i understand from all the errors that I got and from documentation, bot services/app/local and services/app/appinstall either searches for a local file or splunkbase but never from a remote server 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-05-2023 02:26 AM

Hi

based on documentation and other answers the local in this content means splunk SH server not the local server where you are running your python script! So you must 1st copy your app to target splunk SH server and then you can use a REST api to install it "locally" on that server. See e.g. https://community.splunk.com/t5/Getting-Data-In/Using-the-REST-API-to-install-an-app-from-a-file/td-...

r. Ismo

0 Karma
Reply

sibiv196
New Member
‎06-05-2023 03:57 AM

Thank you @isoutamo  for the reply. 
But is there any known way to install an app from remote server. Thinking of ways even beyond REST API

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-05-2023 04:09 AM

I think that only way to install into remote server is via GUI. Just login to remote server (SH or HF and if you have individual indexers then also those can use).  Then open Apps on top navigation bar and select Manage Apps. Then Install App from File and follow instructions.

If you have CI/CD pipeline or possibility to log on shell level to those server, then you can do a scripted installation. 

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...