Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to preserve all configured data inputs when upgrading a custom app using Splunk Add-on Builder?

benhooper
Communicator
‎08-26-2020 02:53 AM

I've found that upgrading a custom app built with Splunk Add-on Builder is clearing all configured data inputs. Is there a way to prevent this?

2020-08-26 10-43-41 - Settings__Splunk_-_Google_Chrome.png2020-08-26 10-44-44 - Inputs_-_Google_Chrome.png2020-08-26 10-45-38 - Settings__Splunk_-_Google_Chrome.png2020-08-26 10-47-02 - Settings__Splunk_-_Google_Chrome.png2020-08-26 10-47-23 - Inputs_-_Google_Chrome.png

Labels (3)
Labels
0 Karma
Reply

benhooper
Communicator
‎09-14-2020 04:38 AM

BUMP.

0 Karma
Reply

rnowitzki
Builder
‎08-26-2020 03:00 AM

Hi @benhooper ,

My guess is, that the definitions / .conf files were stored in the ./default directory of the app and not ./local, so they were overwritten when the app was updated.

BR 
Ralph

--
Karma and/or Solution tagging appreciated.
0 Karma
Reply

benhooper
Communicator
‎08-26-2020 03:10 AM

Hi @rnowitzki

Good idea but I've just checked and found that this configuration is stored in file /opt/splunk/etc/apps/<app name>/local/inputs.conf.

Thanks,

Ben.

0 Karma
Reply

rnowitzki
Builder
‎08-26-2020 03:16 AM

Hi @benhooper,

Hmm, ok. Is it stored in ./local within structure of the tar.gz of the app? That would be against the law 🙂

Or do you mean, the inputs.conf is still there in the filesystem, but you don't see it in the gui?

BR
Ralph

--
Karma and/or Solution tagging appreciated.
Reply

benhooper
Communicator
‎08-26-2020 03:28 AM

Hi @rnowitzki

My previous message was in regards to where the active, correct configuration is stored.

Your message led me to look inside the archive and I found that, by default, the file <appName>_<appVersion>_export.tgz/<appName>_<appVersion>_export.tgz/<appName>/local/inputs.conf exists and contains the default / generic config. Simply deleting that file from the archive solves the problem because it can't be used to overwrite the live file.

Thanks!

0 Karma
Reply

benhooper
Communicator
‎08-28-2020 12:02 PM

Bonus points to anyone who can tell me how I can prevent these files from being exported in the first place! It's a nuisance having to manually remove them every time I export.

0 Karma
Reply

rnowitzki
Builder
‎08-31-2020 01:14 AM

Hi @benhooper ,

You mean to prevent that the inputs.conf of the tar.gz overwrites the inputs.conf of the App?

The problem is with the archive itself, it should not have any inputs.conf in ./local. It should deliver its inputs.conf in the ./default directory. That way it would extract the new copy, but the app would still use the one in ./local because of conf file precedence rules.

Where is the app coming from?

BR
Ralph

--
Karma and/or Solution tagging appreciated.
0 Karma
Reply

benhooper
Communicator
‎09-01-2020 02:08 AM

Hi @rnowitzki ,

The app is being exported from the Splunk Add-on Builder.

Thanks,

Ben.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...