Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to install local app via rest API?

kenchansan
New Member
‎08-08-2023 06:30 PM

Hi All, trying to install an app I have locally via API.

I have tried both curl command and python script

Curl Command:

curl -k -u admin:YOUR_SPLUNK_PASSWORD \ -X POST https://YOUR_SPLUNK_HOST:8089/services/apps/local \ -H "Content-Type: multipart/form-data" \ -F "name=appname" \ -F "appfile=@/path/to/your/app_package.tar.gz"

The error I get is the following:

<msg type="ERROR">Error during app install: failed to extract app from app_package.tar.gz to /opt/splunk/var/run/splunk/bundle_tmp/7391c87f2a023fd5: No such file or directory</msg>

Python script:

import splunklib.client as client
import splunklib.results as results
import requests

# Splunk server details
splunk_host = 'hostname'
splunk_port = 8089
splunk_username = 'splunk_user'
splunk_password = 'splunk_password'

# App installation details
app_package_path = '/path/to/custom_app.tgz'
app_name = 'custom_app'

# Connect to Splunk
service = client.connect(
host=splunk_host,
port=splunk_port,
username=splunk_username,
password=splunk_password
)

# Install the app
try:
endpoint = f'/services/apps/local'
headers = {'Authorization': f'Splunk {service.token}'}
files = {'app_package': open(app_package_path, 'rb')}
data = {'app': app_name}

app_response = requests.post(
f'https://{splunk_host}:{splunk_port}{endpoint}',
headers=headers,
files=files,
data=data,
verify=False # Disabling SSL certificate verification (for self-signed certificates)
)

app_status = app_response.status_code

if app_status == 200:
print(f"App '{app_name}' was successfully installed.")
else:
print(f"Failed to install app '{app_name}'. Status code: {app_status}")

except Exception as e:
print(f"An error occurred: {str(e)}")

# Disconnect from Splunk
service.logout()

 

The error I get:

/usr/lib/python3/dist-packages/urllib3/connectionpool.py:1015: InsecureRequestWarning: Unverified HTTPS request is being made to host '127.0.0.1'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
warnings.warn(
Failed to install app 'custom_app'. Status code: 400

In both cases, I have confirmed that I am able to connect and query Splunk, so there shouldn't be any connectivity issues. I have also confirmed that I can manually install the app so there shouldn't be any issues with the tgz file.

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-23-2023 10:30 AM

Hi

local installation means that app package must be on splunk server not on you local workstation. See old post 

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...