The API reference mentions how to install an app that is already local to the Splunk instance with apps/local.
We can already upload an app manually in the Web console by going to Apps -> Manage Apps -> Install App from File.
However, for detection-as-code purposes, I need to be able to do that in a programmatic way, using an API, for CI/CD purposes. I have seen no documented way to do that, which can't be true. Surely if we can do that from the web console, there is a way to do that programmatically using an API.
How do I install an app outside the Splunk instance from the REST API?
Thanks 🙂
Does it have to be via REST API? If not, you can use the ACS API to install and manage apps. See https://docs.splunk.com/Documentation/SplunkCloud/9.2.2406/Config/ACSreqs
Thanks, using the ACS-cli, I was able to deploy my app to my Splunk Cloud Platform instance.
For reference, here is a PowerShell code snippet to deploy such an app:
```powershell
# Set up Splunk account for app validation with appinspect.splunk.com
$env:SPLUNK_USERNAME = "username@email.com"
# Prompt for the password so it is not stored in the script
$env:SPLUNK_PASSWORD = (Get-Credential -Message a -UserName a).GetNetworkCredential().Password
# Register the stack and make it the active one
acs.exe config add-stack <nameofthestack> --target-sh <nameofsearchhead>
acs.exe config use-stack <nameofthestack> --target-sh <nameofsearchhead>
# Log in to the stack
acs.exe login
# Install the private app, acknowledging the ACS legal terms
acs.exe --verbose apps install private --acs-legal-ack Y --app-package .\path\to\my-custom-app-latest.tar.gz
```
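A non-interactive variant of the steps in the post above for a CI/CD job, as an added example that is not part of the original thread or Splunk's own code: secrets come from the pipeline's environment instead of a prompt, and the job stops on the first failing `acs.exe` call. Assumptions: `acs.exe` is on PATH, the runner starts with no ACS configuration, `STACK_USERNAME` and `STACK_PASSWORD` are the variables `acs login` reads (check this against the ACS CLI documentation), and the parameter names and the `Invoke-Acs` helper are hypothetical.

```powershell
# Added example: CI wrapper around the acs commands shown in the post above.
param(
    [Parameter(Mandatory)] [string] $Stack,       # hypothetical parameter names
    [Parameter(Mandatory)] [string] $SearchHead,
    [Parameter(Mandatory)] [string] $AppPackage
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Fail before touching the stack if the secret store did not inject a credential.
# STACK_USERNAME / STACK_PASSWORD are assumed names for the stack login.
$required = 'SPLUNK_USERNAME', 'SPLUNK_PASSWORD', 'STACK_USERNAME', 'STACK_PASSWORD'
$missing = @($required | Where-Object { -not [Environment]::GetEnvironmentVariable($_) })
if ($missing.Count -gt 0) {
    throw "Missing environment variables: $($missing -join ', ')"
}

# Refuse to deploy anything other than an existing package file.
if (-not (Test-Path -LiteralPath $AppPackage -PathType Leaf)) {
    throw "App package not found: $AppPackage"
}
$package = (Resolve-Path -LiteralPath $AppPackage).Path

# Log the package hash so the build log records exactly which artifact was installed.
$hash = (Get-FileHash -LiteralPath $package -Algorithm SHA256).Hash
Write-Host "Deploying $package (SHA256 $hash) to stack $Stack"

function Invoke-Acs {
    # Run acs.exe and turn a non-zero exit code into a terminating error.
    # The arguments never contain secrets, so they are safe to echo on failure.
    param([Parameter(Mandatory)] [string[]] $Arguments)
    & acs.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "acs.exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

Invoke-Acs @('config', 'add-stack', $Stack, '--target-sh', $SearchHead)
Invoke-Acs @('config', 'use-stack', $Stack, '--target-sh', $SearchHead)
Invoke-Acs @('login')
Invoke-Acs @('apps', 'install', 'private', '--acs-legal-ack', 'Y', '--app-package', $package)
```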
Thanks for the reply. I'll check this out and report back!
I'm sorry, I think I put it in the wrong place. We're using Splunk Cloud, so this solution (ACS) will probably work. I'll update when I've worked on it to confirm it works for my needs.
Yes, if you are using SCP, then ACS is your selection to do this.
There is also a Terraform connector to do this kind of stuff if that is a familiar tool for you.
And if you are a partner, then there is a presentation held a couple of years ago at GPS which gives you an excellent framework to manage clients' SCP environments.