Splunk SOAR (f.k.a. Phantom)

What is the process of compiling the .tgz file in Windows?

AL3Z
Builder

Hi,

I have edited the inputs.conf file in app.tgz. How can we compile it after editing the config file in Windows?

 

ty


scelikok
SplunkTrust

Hi @AL3Z,

You can package your edited apps using the Splunk Enterprise CLI command or third-party utilities and CLI commands (the Linux tar command).

You can also check the following link for tar command examples. https://www.linuxtechi.com/tar-command-in-linux-with-examples/

 

If this reply helps you, an upvote and "Accept as Solution" is appreciated.

AL3Z
Builder

//


richgalloway
SplunkTrust

What help do you need?  If it's just to create the tarball then change to the directory above the app and run

tar -zcf CP_IntSightsAppForSplunk.tgz CP_IntSightsAppForSplunk
---
If this reply helps you, Karma would be appreciated.

AL3Z
Builder

..


richgalloway
SplunkTrust

Those are not errors related to creating a tarball.  Those are errors vetting a Splunk app.  Very different things.

The fix is to read the error messages and correct the situations they describe.  Then vet again.

See https://dev.splunk.com/enterprise/reference/appinspect/appinspectcheck/ for more information.

---
If this reply helps you, Karma would be appreciated.

AL3Z
Builder

@richgalloway 

Inside the app folder, I have created a local folder, and inside that I have inputs.conf and app.conf. Is this the right way of doing it? Will it replace the existing app.conf and inputs.conf with the local folder files?

Thanks 


richgalloway
SplunkTrust

As the app vetting results say, the app must not contain a local directory.  Use of 'local' is restricted to local admins who need to customize your app; the original distribution must not have that directory.  Everything currently in local must be moved to default.

---
If this reply helps you, Karma would be appreciated.

AL3Z
Builder

.

 


richgalloway
SplunkTrust

If files by the same name already exist in default then copying them from local will overwrite them.  In that case, you must manually merge the contents of the files into default.

---
If this reply helps you, Karma would be appreciated.

richgalloway
SplunkTrust

The 7-Zip utility can create .tgz files since they're just compressed tarballs.

If you will be vetting the app then know that a .tgz file created by Windows will fail AppInspect.  That's because Windows assigns the wrong permissions to the files in the tarball.  The workaround is to transfer the app to a Linux system, un-tar it, change file permissions, and re-create the tarball.

---
If this reply helps you, Karma would be appreciated.
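
The workaround described in this reply (un-tar on Linux, change file permissions, re-create the tarball), as an added shell example that is not part of the original posts. The function names, the modes (755 for directories and for files under bin/, 644 for other files) and the refusal when local/ is present are assumptions of this example; check them against your own AppInspect report.

```shell
# Added example: repack a Splunk app tarball on Linux with normalized permissions.
# Modes used here are an assumption (a common choice), not AppInspect's stated rule.

repack_app() {
    src_tgz=$1      # tarball that was built on Windows
    app=$2          # name of the app directory inside the tarball
    out_tgz=$3      # path of the repacked tarball to write
    work=$(mktemp -d) || return 1

    tar -xzf "$src_tgz" -C "$work" || { rm -rf "$work"; return 1; }
    if [ ! -d "$work/$app" ]; then
        echo "error: $app/ is not the top-level directory of $src_tgz" >&2
        rm -rf "$work"
        return 1
    fi

    # Vetting result quoted in the thread: a distributed app must not ship local/.
    if [ -d "$work/$app/local" ]; then
        echo "refusing: $app/local exists; merge its files into default/ first" >&2
        rm -rf "$work"
        return 2
    fi

    # Reset whatever modes the Windows archiver recorded.
    find "$work/$app" -type d -exec chmod 755 {} +
    find "$work/$app" -type f -exec chmod 644 {} +
    if [ -d "$work/$app/bin" ]; then
        # Assumption: files under bin/ are scripts that need the execute bit.
        find "$work/$app/bin" -type f -exec chmod 755 {} +
    fi

    # Archive from the directory above the app, like the tar command earlier in the thread.
    tar -zcf "$out_tgz" -C "$work" "$app"
    rc=$?
    rm -rf "$work"
    return $rc
}

# Print "mode path" for every archive entry, to review before vetting again.
list_modes() {
    tar -tvzf "$1" | awk '{print $1, $NF}'
}
```

Call it as `repack_app CP_IntSightsAppForSplunk.tgz CP_IntSightsAppForSplunk fixed.tgz`, then run `list_modes fixed.tgz` to confirm the modes before vetting the app again.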

AL3Z
Builder

@richgalloway  @scelikok 

 

Hi, 

Could you please post the commands for the process of

  • Untar, giving permissions, recreate

 

 

 


AL3Z
Builder

@richgalloway 

@scelikok 

Could you share the process of creating the .tgz file?

Thanks..


AL3Z
Builder

Hi,

@richgalloway 

@scelikok 

Tar --disable-copy file is not working in Linux. Is there any alternative for this ...

 

Caio


scelikok
SplunkTrust

Hi @AL3Z,

You can use the 7z application to update tgz files in Windows.

https://www.7-zip.org/download.html

If this reply helps you, an upvote and "Accept as Solution" is appreciated.