An easy way to deploy your Splunk app to other computers is to install the app from a package. A packaged app is is a compressed tar archive (a .tar.gz tarball) with the .spl file extension that includes the dashboards, reports, scripted and modular inputs, field extractions, workflow actions, lookups, event types, and other objects in your app. Users can install your packaged app directly using Splunk Web or the command line, and organizations can use deployment tools to distribute apps to their users.
You can share your app with the world by submitting it to Splunkbase. You'll need to meet certain requirements before you can upload your app package. For details, see the Working with Splunkbase manual, which describes the approval criteria and the submission process.
The general process is as follows:
This section provides details about preparing your app for packaging and submission to Splunkbase by verifying the following areas:
Be sure to follow the naming conventions when choosing a name for your app. For details, see Naming conventions for apps and add-ons on Splunkbase in the Working with Splunkbase manual, which describes the requirements for the name of your app and the correct way to reference Splunk and third-party trademarks.
App settings are located in the $APP_HOME/default/app.conf file, which is created for you when using Splunk Web. Review the app.conf.spec documentation to ensure your app can be uploaded to Splunkbase:
[package] check_for_updates = 0
An app requires a dedicated directory under $SPLUNK_HOME/etc/apps/, for example $SPLUNK_HOME/etc/apps/your_app_name. This directory is created for you when you use Splunk Web to create an app. This dedicated directory is denoted by $APP_HOME below.
The packaging process creates a snapshot of your app's directory structure and files, so before you submit your app to Splunkbase you must make sure the files for your app are in the correct locations and contain the correct information. Splunkbase validates all app files and does not allow you to upload the package if there are errors. For details, see Splunkbase file standards reference table in the Working with Splunkbase manual, which lists the standards that are used to evaluate your app when you submit it to Splunkbase.
Make sure any temporary local files are either moved to the proper location or are removed:
Place any scripts for your app in the $APP_HOME/bin directory and make sure the inputs configuration file, $APP_HOME/default/inputs.conf, is set up correctly to run your scripts. See the inputs.conf.spec for details). If your app includes scripted inputs, scripted searches, or scripted lookups, follow the general best practices for writing and testing the scripts, including:
[script://./bin/my_input.sh] interval = 60 sourcetype = my_sourcetype disabled = 0 [script://.\bin\my_input.bat] interval = 60 sourcetype = my_sourcetype disabled = 0
Make sure you have all of the correct configuration (.conf) files needed for your app. Some objects might be defined in Splunk Enterprise folders. For example, if you are packaging field extractions with your app, they might be defined in stanzas in the props.conf and transforms.conf configuration files for the Search app rather than in your app.
When you need to use a stanza from a configuration file:
For an overview of Splunk Enterprise configuration files, and a list and description of all configuration files, see About configuration files in the Admin Manual.
If you want to display an icon for your app in Splunk Web, put the icon files in $APP_HOME/static. Icons are used in the following order of precedence such that the first icon found is the one that is used as the app icon on Splunkbase:
For more about app icons, see Configure app properties.
Include any dependencies your app needs to run outside of your environment. Try testing your app on different systems and configurations.
Make sure fields, event types, and other information tags adhere to the Splunk Common Information Model to ensure that your app works with other Splunk apps.
If you need users to configure local settings when your app first runs, create and include a setup page.
For more, see Create a setup page for a Splunk app.
Verify permissions for each object in your app and change any permissions that aren't set correctly.
You can set permissions by going to Settings > Access controls in Splunk Enterprise, or by editing the $APP_HOME/metadata/default.meta file directly. If you set permissions through Splunk Web, make sure the permissions are saved to default.meta rather than to local.meta. To do this, copy the relevant settings from the $APP_HOME/metadata/local.meta file to $APP_HOME/metadata/default.meta.
If you are packaging an add-on that is not set to Visible, you must make each object globally available.
Validate the XML for your dashboards and navigation by running the validation script validate_all.py, located at $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/schema/. This script validates all of the XML files that are located in $SPLUNK_HOME/etc/.
This example shows how to navigate to navigate to and run the script:
cd $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/schema/ $SPLUNK_HOME/bin/splunk cmd python validate_all.py
Add documentation for your app, which you can distribute in various ways:
Before uploading your app to Splunkbase, you must package it, which means compressing the app directory into a single file. Splunkbase package uploads are required to use the SPL format, which is identical to the tar archive format (a "tarball"), except the SPL format uses the .spl extension rather than .tar.gz.
To package an app
On Mac, enter:
./splunk package app your_app_name
On Windows, enter:
splunk package app your_app_name
The package file, your_app_name.spl, is created in $SPLUNK_HOME/etc/system/static/app-packages/.
Before you submit your packaged app to Splunkbase for use on other computers, you should install and test it yourself:
When you are ready to submit your app to Splunkbase, refer to Submit content to Splunkbase in the Working with Splunkbase manual for directions.