Getting Data In

Using the REST API to install an app from a file

Legend

Under the topic POST apps/appinstall in the REST API manual, it says that appinstall "Installs a Splunk app from a local file or from a URL."

What is the meaning of "local file"? Is the file on the Splunk server or is it local to the machine that is posting the request? For example, I have an app on my laptop that I want to install on a remote Splunk machine using the REST API - will this work? [If you can answer any of these questions, you can skip the rest of this!]

Also, if I want to use python to make the REST API call, how do I set up the call using the Python SDK? Here is some code, but it doesn't work

install_endpoint=client.Endpoint("/services/apps/appinstall","")
app_to_install = { 'name' : "/mylaptop/myApp.spl" }
response = install_endpoint.post(path_segment='', owner=None, app=None, sharing=None, **app_to_install)

This code dies with an error on the third line "AttributeError: 'str' object has no attribute '_abspath'"

Note that prior to this snippet, the code was able to connect to the Splunk server and list the apps that were already installed on the machine. So I think that I just don't understand the arguments to the post function, and maybe I don't understand other aspects of the REST API either.

Please don't give me a curl example - I have several of those but I don't know how to map the curl arguments into the Python objects, attributes and functions. I have looked at the Python SDK manual and the REST API manual until I am cross-eyed, and I went through a number of examples that were provided with the SDK as well...

1 Solution

Ultra Champion

It is a file local to the remote Splunk server. I just executed this successfully to verify.

Also , no Splunk restart was required.App was installed and ready to go.

Here is some Python code for you :

import splunklib.client as client

def main():

    args = {'host':'remote-splunk','port':8089,'username':'admin','password':'foobar'}
    service = client.connect(**args)  
    params = {'name':'/home/remotedamien/someapp.spl'}
    service.post('apps/appinstall',**params)

if __name__ == '__main__':
    main();

View solution in original post

Ultra Champion

It is a file local to the remote Splunk server. I just executed this successfully to verify.

Also , no Splunk restart was required.App was installed and ready to go.

Here is some Python code for you :

import splunklib.client as client

def main():

    args = {'host':'remote-splunk','port':8089,'username':'admin','password':'foobar'}
    service = client.connect(**args)  
    params = {'name':'/home/remotedamien/someapp.spl'}
    service.post('apps/appinstall',**params)

if __name__ == '__main__':
    main();

View solution in original post

Legend

Thank you!

When I am doing something for the first time, it is often the simple things that stymie me! The example of the service.post() helps a lot.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!