Splunk Enterprise

Upgrading Splunk add-on Apps to newer add-on version

shub_loginsoft
Engager

How to upgrade existing Add-on apps to newer add-on version on different computers.

0 Karma

shub_loginsoft
Engager

We have received an email requesting the upgrade of our existing add-on app to the latest version of the add-on builder. Despite our attempts to validate the app using the add-on builder app, we encountered difficulties importing the .tgz file. It's important to note that we are using a separate instance for validation and packaging.

We are seeking guidance on how to successfully validate and package the app using the add-on builder app. Our ultimate goal is to submit the updated app to Splunkbase, ensuring compatibility with the Splunk Cloud platform. Any assistance in this matter would be greatly appreciated.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

You probably have already read these https://dev.splunk.com/enterprise/docs/releaseapps/cloudvetting and other instructions from dev.splunk.com?

0 Karma

shub_loginsoft
Engager

Certainly, I have already reviewed the provided documentation on this matter. I received this "

1.   check_for_addon_builder_version

Only the add_on_builder version in addon_builder.conf is updated to the 4.1.3 version of AOB and not the whole app. The AOB library files must also be updated to make Splunk cloud-compatible. This app contains an older AOB library. File: default/addon_builder.conf Line Number: 4"

Since, the existing app is developed on some other instance, and we are trying to import that .tgz file downloaded from splunkbase on different instance. Need guidance to make it work.

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust

In which version AOB your app is build? Is it so old that it support only Python2 or is there also Python3 support? It seems that current AOB versions from 3.0.+ are supporting only python3 versions. I'm not sure but I expecting that older versions contains libaries like .../aob_py2/... or are even without that directory?

Is it possible that you will get up a dev environment which contains that original AOB version and that app also? Then just check what that AOB will said about it. If it works then follow up how to update AOB to some recent versions.

Another option (maybe) could be that you install that app on your current dev environment and then add current AOB version and try again if it could manage that app or not?

Third option is just forget AOB and build that app from scratch if possible or using AOB and start from scratch with it.

shub_loginsoft
Engager

Thanks for you answer.

I've already attempted the second solution you provided, which involved installing the app on the latest Add-On Builder version and validating it. Unfortunately, this approach didn't resolve the issue.

In the event that we decide to develop the app from scratch, could we successfully add it to Splunkbase as the next version?

0 Karma

isoutamo
SplunkTrust
SplunkTrust

As long as you keep the app.conf and app name etc the same this should work. Of course you must increase version and build numbers. 

0 Karma

shub_loginsoft
Engager

Additionally, the current version of the app supports Python 3, as we have incorporated the aob_py3 package.

0 Karma

sharad
Observer

HI, were you able to solve this issue?

0 Karma

shub_loginsoft
Engager

Yes, but by developing the add-on from the scratch

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

Usually those apps/TAs contains readme / install instructions. Just follow those to get current versions upgrade.

If there is no separate instructions then you should use test environment to try to update it. Usually you can update it with GUI or cli or using DS if that is distributed into UFs. Just follow these general instructions https://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons for splunk's own add-ons.

r. Ismo

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Read thoroughly this documentation - it has most of the answers.

https://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons

If you have some specific problems, feel free to ask.

0 Karma
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf24, and Community Connections

Thank you to everyone in the Splunk Community who joined us for .conf24 – starting with Splunk University and ...

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...