Hi, i have some problems with create spl file, which using to integrate into splunk es.
Hi Daniil,
you can package Apps like that in multiple ways see:
https://dev.splunk.com/enterprise/docs/releaseapps/packageapps/
Easiest would probably be to utilize Splunk.
example:
/opt/splunk/bin/splunk package app <appname>
What do you mean with "problems with create spl file"? the .spl file extension can be just a renamed .tgz extension. Additionally you can install an app packaged as a tgz into splunk.
What are you trying to accomplish?
I mean that in order to create my own integration with splunk, I need to upload a spl file into it, I don’t really understand how I pack my project into this file for integration with the system
You just need to make sure the app structure is all there (include default folder with app.conf, metadata with default.meta and whatever other .conf files you want to include) a then just make a tar of the whole thing. The .spl file is just a .tar with a renamed extension.
Check this section of the link effem2 shared regarding 3rd party utilities:
https://dev.splunk.com/enterprise/docs/releaseapps/packageapps/#Third-party-utilities-and-CLI-comman...
Other option is, If you have it your all in a github repo, you can use GitHub actions to do that for you.
Check one of my repos: https://github.com/diogofgm/TA-aruba_networks
I have some workflows for GitHub actions there that packs the app as a tar.gz, runs splunk app inspect on it and uploads it to GitHub as a action result that you can then download and install it into splunk.