Getting Data In

How to install local app via rest API?

kenchansan
New Member

Hi All, trying to install an app I have locally via API.

I have tried both curl command and python script

Curl Command:

curl -k -u admin:YOUR_SPLUNK_PASSWORD \ -X POST https://YOUR_SPLUNK_HOST:8089/services/apps/local \ -H "Content-Type: multipart/form-data" \ -F "name=appname" \ -F "appfile=@/path/to/your/app_package.tar.gz"

The error I get is the following:

<msg type="ERROR">Error during app install: failed to extract app from app_package.tar.gz to /opt/splunk/var/run/splunk/bundle_tmp/7391c87f2a023fd5: No such file or directory</msg>

Python script:

import splunklib.client as client
import splunklib.results as results
import requests

# Splunk server details
splunk_host = 'hostname'
splunk_port = 8089
splunk_username = 'splunk_user'
splunk_password = 'splunk_password'

# App installation details
app_package_path = '/path/to/custom_app.tgz'
app_name = 'custom_app'

# Connect to Splunk
service = client.connect(
host=splunk_host,
port=splunk_port,
username=splunk_username,
password=splunk_password
)

# Install the app
try:
endpoint = f'/services/apps/local'
headers = {'Authorization': f'Splunk {service.token}'}
files = {'app_package': open(app_package_path, 'rb')}
data = {'app': app_name}

app_response = requests.post(
f'https://{splunk_host}:{splunk_port}{endpoint}',
headers=headers,
files=files,
data=data,
verify=False # Disabling SSL certificate verification (for self-signed certificates)
)

app_status = app_response.status_code

if app_status == 200:
print(f"App '{app_name}' was successfully installed.")
else:
print(f"Failed to install app '{app_name}'. Status code: {app_status}")

except Exception as e:
print(f"An error occurred: {str(e)}")

# Disconnect from Splunk
service.logout()

 

The error I get:

/usr/lib/python3/dist-packages/urllib3/connectionpool.py:1015: InsecureRequestWarning: Unverified HTTPS request is being made to host '127.0.0.1'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
warnings.warn(
Failed to install app 'custom_app'. Status code: 400

In both cases, I have confirmed that I am able to connect and query Splunk, so there shouldn't be any connectivity issues. I have also confirmed that I can manually install the app so there shouldn't be any issues with the tgz file.

Labels (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

local installation means that app package must be on splunk server not on you local workstation. See old post 

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...