Splunk Enterprise

How do I install an app outside the Splunk instance from the REST API?


The API reference mentions how to install an app that is already local to the Splunk instance with apps/local.

We can already upload an app manually in the Web console by going to Apps -> Manage Apps -> Install App from File.

However, for detection-as-code purposes, I need to be able to do that in a programmatic way, using an API, for CI/CD purposes. I have seen no documented way to do that, which can't be true. Surely if we can do that from the web console, there is a way to do that programmatically using an API.

How do I install an app outside the Splunk instance from the REST API?

Thanks 🙂



Does it have to be via REST API?  If not, you can use the ACS API to install and manage apps.  See https://docs.splunk.com/Documentation/SplunkCloud/9.2.2406/Config/ACSreqs

If this reply helps you, Karma would be appreciated.



Thanks, using the ACS-cli, I was able to deploy my app to my Splunk Cloud Platform instance.


For reference, here is a PowerShell code snippet to deploy such an app:


# Set up Splunk account for app validation with appinspect.splunk.com
$env:SPLUNK_USERNAME = "username@email.com"
$env:SPLUNK_PASSWORD = (Get-Credential -Message a -UserName a).GetNetworkCredential().Password
acs.exe config add-stack <nameofthestack> --target-sh <nameofsearchhead>
acs.exe config use-stack <nameofthestack> --target-sh <nameofsearchhead>
acs.exe login
acs.exe --verbose apps install private --acs-legal-ack Y --app-package .\path\to\my-custom-app-latest.tar.gz



Thanks for the reply. I'll check this out and report back!


Based on the group where you have put this question, you are doing this on Splunk Enterprise, not in Splunk Cloud? ACS works only with Cloud, not with Enterprise.

In Enterprise you need to have CLI access to the node, and then you can script it. E.g. Ansible is a good tool to manage installations. You could have a control node where you get packages/apps from git and then install those with ansible-play.


I'm sorry, I think I put it in the wrong place. We're using Splunk Cloud, so this solution (ACS) will probably work. I'll update when I have worked on it to confirm it works for my needs.


Yes, if you are using SCP then ACS is your selection to do this.

There is also a Terraform connector to do this kind of stuff if that is a familiar tool for you.

And if you are a partner, then there is a presentation given a couple of years ago at GPS which gives you an excellent framework to manage clients' SCP environments.

