Using the REST API to install an app from a file

lguinn2
Legend

Under the topic POST apps/appinstall in the REST API manual, it says that appinstall "Installs a Splunk app from a local file or from a URL."

What is the meaning of "local file"? Is the file on the Splunk server or is it local to the machine that is posting the request? For example, I have an app on my laptop that I want to install on a remote Splunk machine using the REST API - will this work? [If you can answer any of these questions, you can skip the rest of this!]

Also, if I want to use Python to make the REST API call, how do I set up the call using the Python SDK? Here is some code, but it doesn't work:

install_endpoint=client.Endpoint("/services/apps/appinstall","")
app_to_install = { 'name' : "/mylaptop/myApp.spl" }
response = install_endpoint.post(path_segment='', owner=None, app=None, sharing=None, **app_to_install)

This code dies with an error on the third line: "AttributeError: 'str' object has no attribute '_abspath'"

Note that prior to this snippet, the code was able to connect to the Splunk server and list the apps that were already installed on the machine. So I think that I just don't understand the arguments to the post function, and maybe I don't understand other aspects of the REST API either.

Please don't give me a curl example - I have several of those but I don't know how to map the curl arguments into the Python objects, attributes and functions. I have looked at the Python SDK manual and the REST API manual until I am cross-eyed, and I went through a number of examples that were provided with the SDK as well...

1 Solution

Damien_Dallimor
Ultra Champion

It is a file local to the remote Splunk server. I just executed this successfully to verify.

Also, no Splunk restart was required. App was installed and ready to go.

Here is some Python code for you:

import splunklib.client as client

def main():
    # Connection details for the remote Splunk management port
    args = {'host': 'remote-splunk', 'port': 8089, 'username': 'admin', 'password': 'foobar'}
    service = client.connect(**args)
    # 'name' is a path on the Splunk server's filesystem, not on the client
    params = {'name': '/home/remotedamien/someapp.spl'}
    service.post('apps/appinstall', **params)

if __name__ == '__main__':
    main()
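
An added example, not part of the original answer or of the Splunk SDK: because the name value is resolved on the Splunk server, a wrapper can check it before posting to apps/appinstall. The staging directory, the https-only rule, the extension allowlist and the environment variable names are assumptions.

```python
import posixpath
from urllib.parse import urlsplit

# Assumption: directory on the Splunk server where vetted packages are staged.
STAGING_DIR = "/opt/splunk/staging"
# Assumption: package extensions this wrapper allows.
PACKAGE_SUFFIXES = (".spl", ".tgz", ".tar.gz")


def resolve_app_source(name, staging_dir=STAGING_DIR):
    """Return the value to send as 'name', or raise ValueError.

    A path is interpreted by splunkd on the server, so it is checked as a
    POSIX server path (assumes a Linux/Unix Splunk host) and never opened here.
    """
    scheme = urlsplit(name).scheme.lower()
    if scheme == "https":
        return name
    if scheme:
        # Policy assumption: refuse plain http and any other scheme.
        raise ValueError("only https URLs are accepted: %r" % name)
    if not posixpath.isabs(name):
        raise ValueError("expected an absolute server path: %r" % name)
    normalized = posixpath.normpath(name)  # collapses '..' segments
    root = posixpath.normpath(staging_dir)
    if posixpath.commonpath([root, normalized]) != root:
        raise ValueError("package is outside %s: %r" % (root, name))
    if not normalized.endswith(PACKAGE_SUFFIXES):
        raise ValueError("unexpected package extension: %r" % name)
    return normalized


def install_app(service, name, staging_dir=STAGING_DIR):
    """POST apps/appinstall through an object exposing post(path, **params),
    such as the service returned by splunklib's client.connect()."""
    source = resolve_app_source(name, staging_dir)
    return service.post("apps/appinstall", name=source)


if __name__ == "__main__":
    import os
    import splunklib.client as client  # Splunk Python SDK, as in the answer

    # SPLUNK_USER / SPLUNK_PASSWORD are hypothetical variable names.
    service = client.connect(host="remote-splunk", port=8089,
                             username=os.environ["SPLUNK_USER"],
                             password=os.environ["SPLUNK_PASSWORD"])
    install_app(service, "/opt/splunk/staging/someapp.spl")
```

A path such as /mylaptop/myApp.spl from the question is rejected here because it is outside the staging directory on the server.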

lguinn2
Legend

Thank you!

When I am doing something for the first time, it is often the simple things that stymie me! The example of the service.post() helps a lot.
