Splunk SOAR (f.k.a. Phantom)

What is the process of compiling the .tgz file in Windows?

AL3Z
Path Finder

Hi,

I have edited the inputs.conf file in app.tgz. How can we compile it after editing the config file in Windows?

 

ty


scelikok
SplunkTrust

Hi @AL3Z,

You can package your edited apps using the Splunk Enterprise CLI command or third-party utilities and CLI commands (the Linux tar command).

You can also check the following link for tar command examples. https://www.linuxtechi.com/tar-command-in-linux-with-examples/

 

If this reply helps you, an upvote is appreciated.

richgalloway
SplunkTrust

What help do you need?  If it's just to create the tarball then change to the directory above the app and run

tar -zcf CP_IntSightsAppForSplunk.tgz CP_IntSightsAppForSplunk
---
If this reply helps you, Karma would be appreciated.

richgalloway
SplunkTrust

Those are not errors related to creating a tarball.  Those are errors vetting a Splunk app.  Very different things.

The fix is to read the error messages and correct the situations they describe.  Then vet again.

See https://dev.splunk.com/enterprise/reference/appinspect/appinspectcheck/ for more information.

---
If this reply helps you, Karma would be appreciated.

AL3Z
Path Finder

@richgalloway 

Inside the app folder, I have created a local folder, and inside that I have inputs.conf and app.conf. Is this the right way of doing it? Will it replace the existing app.conf and inputs.conf with the local folder files?

Thanks 


richgalloway
SplunkTrust

As the app vetting results say, the app must not contain a local directory.  Use of 'local' is restricted to local admins who need to customize your app; the original distribution must not have that directory.  Everything currently in local must be moved to default.

---
If this reply helps you, Karma would be appreciated.

richgalloway
SplunkTrust

If files by the same name already exist in default then copying them from local will overwrite them.  In that case, you must manually merge the contents of the files into default.

---
If this reply helps you, Karma would be appreciated.

richgalloway
SplunkTrust

The 7-Zip utility can create .tgz files since they're just compressed tarballs.

If you will be vetting the app then know that a .tgz file created by Windows will fail AppInspect.  That's because Windows assigns the wrong permissions to the files in the tarball.  The workaround is to transfer the app to a Linux system, un-tar it, change file permissions, and re-create the tarball.

---
If this reply helps you, Karma would be appreciated.
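
The workaround described above (un-tar, change file permissions, re-create the tarball), as an added example that is not part of the original thread or Splunk's own tooling. The function names, the sample app and the modes used (755 for directories and bin/ files, 644 for other files) are assumptions; the thread does not say which permissions AppInspect expects.

```shell
#!/bin/sh
# Added example: fix permissions in a Splunk app tarball on a Linux system.
# Assumed modes (not stated in the thread): dirs 755, files 644, bin/ files 755.

# repack_app SRC_TGZ APP_DIR_NAME OUT_TGZ  (hypothetical helper name)
repack_app() {
    src=$1; app=$2; out=$3
    work=$(mktemp -d) || return 1

    # 1. Un-tar into a scratch directory.
    tar -xzf "$src" -C "$work" || { rm -rf "$work"; return 1; }

    # The thread notes the distributed app must not contain a local directory.
    if [ -d "$work/$app/local" ]; then
        echo "error: $app/local exists; merge its files into default first" >&2
        rm -rf "$work"
        return 2
    fi

    # 2. Change permissions: nothing writable by group or other.
    find "$work/$app" -type d -exec chmod 755 {} +
    find "$work/$app" -type f -exec chmod 644 {} +
    if [ -d "$work/$app/bin" ]; then
        find "$work/$app/bin" -type f -exec chmod 755 {} +
    fi

    # 3. Re-create the tarball from the directory above the app.
    rc=0
    tar -czf "$out" -C "$work" "$app" || rc=$?
    rm -rf "$work"
    return "$rc"
}

# make_sample_tgz OUT_TGZ APP_DIR_NAME: constructed input with wide-open modes,
# standing in for a tarball built on Windows.
make_sample_tgz() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/$2/default" "$d/$2/bin"
    printf '[install]\nis_configured = 0\n' > "$d/$2/default/app.conf"
    printf '[monitor:///var/log/sample.log]\ndisabled = 1\n' > "$d/$2/default/inputs.conf"
    printf '#!/bin/sh\necho sample\n' > "$d/$2/bin/collect.sh"
    chmod -R 777 "$d/$2"
    tar -czf "$1" -C "$d" "$2"
    rm -rf "$d"
}
```

Pass absolute paths for the input and output tarballs, and check the result with tar -tvzf before vetting the app again.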

AL3Z
Path Finder

@richgalloway  @scelikok 

 

Hi, 

Could you please post the commands for the process of

  • Un-tar, giving permissions, recreate


AL3Z
Path Finder

@richgalloway 

@scelikok 

Could you share the process of creating the .tgz file 

Thanks..


AL3Z
Path Finder

Hi,

@richgalloway 

@scelikok 

Tar --disable-copy file is not working in Linux. Is there any alternative for this?

Caio


scelikok
SplunkTrust

Hi @AL3Z,

You can use the 7z application to update tgz files in Windows.

https://www.7-zip.org/download.html

If this reply helps you, an upvote is appreciated.