Getting Data In

How to install local app via rest API?

kenchansan
New Member

Hi All, trying to install an app I have locally via API.

I have tried both curl command and python script

Curl Command:

curl -k -u admin:YOUR_SPLUNK_PASSWORD \ -X POST https://YOUR_SPLUNK_HOST:8089/services/apps/local \ -H "Content-Type: multipart/form-data" \ -F "name=appname" \ -F "appfile=@/path/to/your/app_package.tar.gz"

The error I get is the following:

<msg type="ERROR">Error during app install: failed to extract app from app_package.tar.gz to /opt/splunk/var/run/splunk/bundle_tmp/7391c87f2a023fd5: No such file or directory</msg>

Python script:

import splunklib.client as client
import splunklib.results as results
import requests

# Splunk server details
splunk_host = 'hostname'
splunk_port = 8089
splunk_username = 'splunk_user'
splunk_password = 'splunk_password'

# App installation details
app_package_path = '/path/to/custom_app.tgz'
app_name = 'custom_app'

# Connect to Splunk
service = client.connect(
host=splunk_host,
port=splunk_port,
username=splunk_username,
password=splunk_password
)

# Install the app
try:
endpoint = f'/services/apps/local'
headers = {'Authorization': f'Splunk {service.token}'}
files = {'app_package': open(app_package_path, 'rb')}
data = {'app': app_name}

app_response = requests.post(
f'https://{splunk_host}:{splunk_port}{endpoint}',
headers=headers,
files=files,
data=data,
verify=False # Disabling SSL certificate verification (for self-signed certificates)
)

app_status = app_response.status_code

if app_status == 200:
print(f"App '{app_name}' was successfully installed.")
else:
print(f"Failed to install app '{app_name}'. Status code: {app_status}")

except Exception as e:
print(f"An error occurred: {str(e)}")

# Disconnect from Splunk
service.logout()

 

The error I get:

/usr/lib/python3/dist-packages/urllib3/connectionpool.py:1015: InsecureRequestWarning: Unverified HTTPS request is being made to host '127.0.0.1'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
warnings.warn(
Failed to install app 'custom_app'. Status code: 400

In both cases, I have confirmed that I am able to connect and query Splunk, so there shouldn't be any connectivity issues. I have also confirmed that I can manually install the app so there shouldn't be any issues with the tgz file.

Labels (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

local installation means that app package must be on splunk server not on you local workstation. See old post 

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...