Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to install local app via rest API?

kenchansan
New Member
‎08-08-2023 06:30 PM

Hi All, trying to install an app I have locally via API.

I have tried both curl command and python script

Curl Command:

curl -k -u admin:YOUR_SPLUNK_PASSWORD \ -X POST https://YOUR_SPLUNK_HOST:8089/services/apps/local \ -H "Content-Type: multipart/form-data" \ -F "name=appname" \ -F "appfile=@/path/to/your/app_package.tar.gz"

The error I get is the following:

<msg type="ERROR">Error during app install: failed to extract app from app_package.tar.gz to /opt/splunk/var/run/splunk/bundle_tmp/7391c87f2a023fd5: No such file or directory</msg>

Python script:

import splunklib.client as client
import splunklib.results as results
import requests

# Splunk server details
splunk_host = 'hostname'
splunk_port = 8089
splunk_username = 'splunk_user'
splunk_password = 'splunk_password'

# App installation details
app_package_path = '/path/to/custom_app.tgz'
app_name = 'custom_app'

# Connect to Splunk
service = client.connect(
host=splunk_host,
port=splunk_port,
username=splunk_username,
password=splunk_password
)

# Install the app
try:
endpoint = f'/services/apps/local'
headers = {'Authorization': f'Splunk {service.token}'}
files = {'app_package': open(app_package_path, 'rb')}
data = {'app': app_name}

app_response = requests.post(
f'https://{splunk_host}:{splunk_port}{endpoint}',
headers=headers,
files=files,
data=data,
verify=False # Disabling SSL certificate verification (for self-signed certificates)
)

app_status = app_response.status_code

if app_status == 200:
print(f"App '{app_name}' was successfully installed.")
else:
print(f"Failed to install app '{app_name}'. Status code: {app_status}")

except Exception as e:
print(f"An error occurred: {str(e)}")

# Disconnect from Splunk
service.logout()

 

The error I get:

/usr/lib/python3/dist-packages/urllib3/connectionpool.py:1015: InsecureRequestWarning: Unverified HTTPS request is being made to host '127.0.0.1'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
warnings.warn(
Failed to install app 'custom_app'. Status code: 400

In both cases, I have confirmed that I am able to connect and query Splunk, so there shouldn't be any connectivity issues. I have also confirmed that I can manually install the app so there shouldn't be any issues with the tgz file.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-23-2023 10:30 AM

Hi

local installation means that app package must be on splunk server not on you local workstation. See old post 

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco &#43; Splunk! We’ve ...

Enterprise Security Content Update (ESCU) | New Releases

In April, the Splunk Threat Research Team had 2 releases of new security content via the Enterprise Security ...
Top