Getting Data In

how to install downloaded Splunk apps on windows without untar

Justin_Grant
Contributor

Windows doesn't have a built-in way to unpack the .tar.gz format used by Splunk apps downloaded from Splunkbase. What are good ways to install Splunk apps on Windows?

I'm ideally looking for multiple options I can use dependning on the scenario:

  • using the Splunk command-line (CLI)
  • using a free, downloadable, 3rd-party Windows GUI unzipper (can you recommend a good one for .tar.gz files?)
  • via the Splunk REST API, so I can automate a solution for an install of an app on a remote Splunk server
  • any other cool way you can suggest.

Of course, what I really want is a way in the Splunk launcher or Manager that I can upload an app into Splunk, but I assume this isn't there in Splunk 4.1 yet.

1 Solution

Leo
Splunk Employee
Splunk Employee

Alternatively you can use CLI command:

splunk install app /tmp/myapp.spl

Also check out Web Terminal for Splunk app to access remote CLI from your browser.

Or use REST API for app install:
Documentation

If you need to extract it manually, there's a free 3rd-party Windows GUI: 7-Zip

View solution in original post

Eqalis
Explorer

This was true of splunk before version 4.2. Now you can go to Manager >> Apps >> Install app from file

If you have an older version of Splunk then you have the Python programming language at your disposal and a handy script called untarit.py.

For an app file called "Foo.spl", type the following on one line:

C:\Program Files\Splunk\Python-2.6>..\bin\python ..\bin\untarit.py ..\etc\apps\Foo.spl ..\etc\apps\

Note, you must be in the Python-2.6 directory for Python to be able to find all the modules it needs, hence all the horrible '..\' stuff.

hiddenkirby
Contributor

what he said! go to filehippo.com get 7zip right click the tar file... extract to where u want it.

Leo
Splunk Employee
Splunk Employee

Alternatively you can use CLI command:

splunk install app /tmp/myapp.spl

Also check out Web Terminal for Splunk app to access remote CLI from your browser.

Or use REST API for app install:
Documentation

If you need to extract it manually, there's a free 3rd-party Windows GUI: 7-Zip

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...