Splunk Enterprise

How to create spl file?

Daniil_group_ib
New Member

Hi, I have some problems with creating an spl file, which is used to integrate into Splunk ES.

0 Karma

effem2
Path Finder

Hi Daniil,

 

You can package apps like that in multiple ways, see:
https://dev.splunk.com/enterprise/docs/releaseapps/packageapps/

Easiest would probably be to utilize Splunk.

example:

/opt/splunk/bin/splunk package app <appname>
0 Karma

diogofgm
SplunkTrust

What do you mean by "problems with create spl file"? The .spl file extension can be just a renamed .tgz extension. Additionally, you can install an app packaged as a tgz into Splunk.

What are you trying to accomplish?

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma

Daniil_group_ib
New Member

I mean that in order to create my own integration with Splunk, I need to upload an spl file into it. I don't really understand how to pack my project into this file for integration with the system.

0 Karma

diogofgm
SplunkTrust

You just need to make sure the app structure is all there (include the default folder with app.conf, metadata with default.meta and whatever other .conf files you want to include) and then just make a tar of the whole thing. The .spl file is just a .tar with a renamed extension.

Check this section of the link effem2 shared regarding 3rd party utilities:
https://dev.splunk.com/enterprise/docs/releaseapps/packageapps/#Third-party-utilities-and-CLI-comman...

Another option: if you have it all in a GitHub repo, you can use GitHub Actions to do that for you.

Check one of my repos: https://github.com/diogofgm/TA-aruba_networks

I have some workflows for GitHub Actions there that pack the app as a tar.gz, run Splunk AppInspect on it and upload it to GitHub as an action result that you can then download and install into Splunk.

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
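The packaging steps described in this thread, written out as an added example (not code from any poster or from the linked repository): it checks for default/app.conf and metadata/default.meta, tars the app folder with gzip, and renames the result to .spl. The app name TA-sample, the file contents and the paths are constructed; leaving out local/ and metadata/local.meta is an assumption added here so that site-specific settings and stored credentials do not ship in the package.

```shell
#!/bin/sh
# Added example: package a Splunk app directory as .spl (a gzipped tar with a renamed extension).
set -eu

# Build a tiny constructed app so the script runs offline (all names and values are hypothetical).
make_sample_app() {
  local app_dir="$1"
  mkdir -p "$app_dir/default" "$app_dir/metadata" "$app_dir/local"
  printf '[launcher]\nversion = 1.0.0\n\n[ui]\nlabel = Sample TA\n' > "$app_dir/default/app.conf"
  printf '[]\naccess = read : [ * ], write : [ admin ]\nexport = system\n' > "$app_dir/metadata/default.meta"
  # Site-specific override with a constructed secret; it must not end up in the package.
  printf '[example]\npassword = constructed-secret\n' > "$app_dir/local/inputs.conf"
}

# package_spl <app_dir> <out_dir>: prints the path of the resulting .spl file.
package_spl() {
  local app_dir="${1%/}" out_dir="$2" name parent f
  name="$(basename "$app_dir")"
  parent="$(cd "$(dirname "$app_dir")" && pwd)"
  # Refuse to package if the files named in the thread are missing.
  for f in default/app.conf metadata/default.meta; do
    [ -f "$app_dir/$f" ] || { echo "missing $f" >&2; return 1; }
  done
  mkdir -p "$out_dir"
  # Archive from the parent so the app folder is the single top-level entry.
  tar -czf "$out_dir/$name.tgz" -C "$parent" \
      --exclude="$name/local" --exclude="$name/metadata/local.meta" "$name"
  mv "$out_dir/$name.tgz" "$out_dir/$name.spl"
  echo "$out_dir/$name.spl"
}

# Demo on the constructed app in a temp dir: list what actually ships.
work="$(mktemp -d)"
make_sample_app "$work/TA-sample"
tar -tzf "$(package_spl "$work/TA-sample" "$work/dist")"
```

Listing the archive before uploading it is a quick way to confirm that nothing from local/ was included.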