Splunk Cloud Platform

Unable to Upload Custom App for Jira in Splunk Cloud

yoshilog
Explorer

We are looking into Splunk Cloud as a solution, instead of our regular Splunk Enterprise (On Premise) Setup.
To be able to test the feasibility of sending data from external sources (Jira Cloud, Redmine) , I wanted to install our own Custom App for testing.

Unfortunately, there is no current way for us to do that in the Free Trial I have.

We simply want to test if we can index data from Jira Cloud to Splunk Cloud, without having to use a Heavy Forwarder or Universal Forwarder.

Ways to replicate:
Splunk Cloud Login > Manage Apps > No button for uploading a custom app / add-on.

Questions: 
1. Is there a way to directly install Custom Apps / Add-ons (that are originally built for Splunk Enterprise), in Splunk Cloud? We were thinking about compatibility issues, and if the apps would work the same way. 

2. Is there a way to gauge whether or not the quantity of data that we want to send from external sources, would require us to install a Heavy / Universal Forwarder? (We are trying to avoid additional costs by taking Splunk Cloud, so we were wondering if we could do without them)

 

Labels (1)
0 Karma

mattymo
Splunk Employee
Splunk Employee

1. Is there a way to directly install Custom Apps / Add-ons (that are originally built for Splunk Enterprise), in Splunk Cloud? We were thinking about compatibility issues, and if the apps would work the same way. 

Yes, see "installing Private apps" on Splunk Cloud Platform. -https://docs.splunk.com/Documentation/SplunkCloud/9.1.2308/Admin/PrivateApps

2.  Is there a way to gauge whether or not the quantity of data that we want to send from external sources, would require us to install a Heavy / Universal Forwarder? (We are trying to avoid additional costs by taking Splunk Cloud, so we were wondering if we could do without them)

As long as your cloud deployment is sized correctly around how much ingest and search you plan to do, you can absolutley use cloud without the need for HFs or on-premesis infra. It's always an option when needed. 

The main place to get familiar with is the Splunk Cloud Service Description. It lays out the service and any limits or recommends we have. For example, 

https://docs.splunk.com/Documentation/SplunkCloud/9.1.2308/Service/SplunkCloudservice#Experience_des...
   

 VictoriaClassic
Modular and scripted inputs
Modular and scripted inputs can now run directly on the search tier without the additional overhead of a separate IDM instance.

Review pull based service limits below:
Up to 500GB/day for entitlement of less than 166 SVC or 1 TB
Up to 1.5TB/day for more than 166 SVC or 1 TB

Modular and scripted inputs must run on a separate IDM instance or customer-managed heavy forwarder.


Victoria runs the inputs on the SH tier to allow self service. Classic runs the "HF"s for you as "IDM"s, but way less self service. So depends on what you value more. 


The free cloud trial instances wont be what you want for actual testing etc. Have your Sales Engineer spin up a demo stack internally and you can play with them or do a full blown POC. 


How much ingest do you plan to do? Check out the Splunk Cloud Migration Assessment app for help translating requirements. 

https://splunkbase.splunk.com/app/4974

Hope that helps! Feel free to join others on splunk cloud in the splunk_cloud room on community slack too! splk.it/slack



- MattyMo

isoutamo
SplunkTrust
SplunkTrust

Hi

basically you could do it based on this doc Free trial Splunk Cloud Platform deployments. Of course your app must fulfil cloud app vetting process, but this has checked when you try to install it.

Are you sure that your account has sc_admin role?

r. Ismo

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...