Splunk Enterprise

Upgrading Splunk add-on Apps to newer add-on version

shub_loginsoft
Explorer

How to upgrade existing Add-on apps to newer add-on version on different computers.

0 Karma

shub_loginsoft
Explorer

We have received an email requesting the upgrade of our existing add-on app to the latest version of the add-on builder. Despite our attempts to validate the app using the add-on builder app, we encountered difficulties importing the .tgz file. It's important to note that we are using a separate instance for validation and packaging.

We are seeking guidance on how to successfully validate and package the app using the add-on builder app. Our ultimate goal is to submit the updated app to Splunkbase, ensuring compatibility with the Splunk Cloud platform. Any assistance in this matter would be greatly appreciated.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

You probably have already read these https://dev.splunk.com/enterprise/docs/releaseapps/cloudvetting and other instructions from dev.splunk.com?

0 Karma

shub_loginsoft
Explorer

Certainly, I have already reviewed the provided documentation on this matter. I received this "

1.   check_for_addon_builder_version

Only the add_on_builder version in addon_builder.conf is updated to the 4.1.3 version of AOB and not the whole app. The AOB library files must also be updated to make Splunk cloud-compatible. This app contains an older AOB library. File: default/addon_builder.conf Line Number: 4"

Since, the existing app is developed on some other instance, and we are trying to import that .tgz file downloaded from splunkbase on different instance. Need guidance to make it work.

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust

In which version AOB your app is build? Is it so old that it support only Python2 or is there also Python3 support? It seems that current AOB versions from 3.0.+ are supporting only python3 versions. I'm not sure but I expecting that older versions contains libaries like .../aob_py2/... or are even without that directory?

Is it possible that you will get up a dev environment which contains that original AOB version and that app also? Then just check what that AOB will said about it. If it works then follow up how to update AOB to some recent versions.

Another option (maybe) could be that you install that app on your current dev environment and then add current AOB version and try again if it could manage that app or not?

Third option is just forget AOB and build that app from scratch if possible or using AOB and start from scratch with it.

shub_loginsoft
Explorer

Thanks for you answer.

I've already attempted the second solution you provided, which involved installing the app on the latest Add-On Builder version and validating it. Unfortunately, this approach didn't resolve the issue.

In the event that we decide to develop the app from scratch, could we successfully add it to Splunkbase as the next version?

0 Karma

isoutamo
SplunkTrust
SplunkTrust

As long as you keep the app.conf and app name etc the same this should work. Of course you must increase version and build numbers. 

0 Karma

shub_loginsoft
Explorer

Additionally, the current version of the app supports Python 3, as we have incorporated the aob_py3 package.

0 Karma

sharad
Observer

HI, were you able to solve this issue?

0 Karma

shub_loginsoft
Explorer

Yes, but by developing the add-on from the scratch

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

Usually those apps/TAs contains readme / install instructions. Just follow those to get current versions upgrade.

If there is no separate instructions then you should use test environment to try to update it. Usually you can update it with GUI or cli or using DS if that is distributed into UFs. Just follow these general instructions https://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons for splunk's own add-ons.

r. Ismo

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Read thoroughly this documentation - it has most of the answers.

https://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons

If you have some specific problems, feel free to ask.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...