Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to install local app via rest API?

kenchansan
New Member
‎08-08-2023 06:30 PM

Hi All, trying to install an app I have locally via API.

I have tried both curl command and python script

Curl Command:

curl -k -u admin:YOUR_SPLUNK_PASSWORD \ -X POST https://YOUR_SPLUNK_HOST:8089/services/apps/local \ -H "Content-Type: multipart/form-data" \ -F "name=appname" \ -F "appfile=@/path/to/your/app_package.tar.gz"

The error I get is the following:

<msg type="ERROR">Error during app install: failed to extract app from app_package.tar.gz to /opt/splunk/var/run/splunk/bundle_tmp/7391c87f2a023fd5: No such file or directory</msg>

Python script:

import splunklib.client as client
import splunklib.results as results
import requests

# Splunk server details
splunk_host = 'hostname'
splunk_port = 8089
splunk_username = 'splunk_user'
splunk_password = 'splunk_password'

# App installation details
app_package_path = '/path/to/custom_app.tgz'
app_name = 'custom_app'

# Connect to Splunk
service = client.connect(
host=splunk_host,
port=splunk_port,
username=splunk_username,
password=splunk_password
)

# Install the app
try:
endpoint = f'/services/apps/local'
headers = {'Authorization': f'Splunk {service.token}'}
files = {'app_package': open(app_package_path, 'rb')}
data = {'app': app_name}

app_response = requests.post(
f'https://{splunk_host}:{splunk_port}{endpoint}',
headers=headers,
files=files,
data=data,
verify=False # Disabling SSL certificate verification (for self-signed certificates)
)

app_status = app_response.status_code

if app_status == 200:
print(f"App '{app_name}' was successfully installed.")
else:
print(f"Failed to install app '{app_name}'. Status code: {app_status}")

except Exception as e:
print(f"An error occurred: {str(e)}")

# Disconnect from Splunk
service.logout()

 

The error I get:

/usr/lib/python3/dist-packages/urllib3/connectionpool.py:1015: InsecureRequestWarning: Unverified HTTPS request is being made to host '127.0.0.1'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
warnings.warn(
Failed to install app 'custom_app'. Status code: 400

In both cases, I have confirmed that I am able to connect and query Splunk, so there shouldn't be any connectivity issues. I have also confirmed that I can manually install the app so there shouldn't be any issues with the tgz file.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-23-2023 10:30 AM

Hi

local installation means that app package must be on splunk server not on you local workstation. See old post 

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...