Cloud vetting is a process in which Splunk determines whether an app is ready for use on Splunk Cloud. While app developers can request that their apps be vetted for Splunk Cloud readiness, in general it is Splunk Cloud customers who request vetting of a particular Splunk app. This topic provides a brief overview of the Cloud vetting process:
Note: If you submit your Splunk app for app certification, it will undergo Cloud vetting as part of the certification process. You do not need to request Cloud vetting separately.
If a Splunk Cloud customer wants to run a Splunk app that is available on Splunkbase, the app must first be evaluated for suitability for Splunk Cloud. There are several crucial differences between Splunk Enterprise and Splunk Cloud, and Cloud vetting is necessary to help ensure the security of the Splunk Cloud environment and the data stored in that environment. While the vast majority of Splunk apps available on Splunkbase are ready for Splunk Enterprise, they have not all been evaluated or certified for use on Splunk Cloud. Some apps are suitable for an on-premises Splunk Enterprise instance, but aren't appropriate when data needs to be transmitted and stored in a cloud environment.
Cloud vetting is primarily a customer-driven process. That is, Splunk Cloud customers can request that Cloud vetting be performed on a Splunk app on Splunkbase. To do so, a Splunk Cloud customer opens a support ticket with Splunk Support.
If you're a Splunk app developer who wants to vet your Splunk app for Splunk Cloud, get your app certified. First, follow the instructions provided in Prepare your Splunk app for Cloud vetting. Once you've prepared your Splunk app, submit your app for certification. Certified Splunk apps are analyzed according to a strict set of criteria, including suitability for installation and use on Splunk Cloud.
To prepare your Splunk app for Cloud vetting, first review the requirements and recommendations for Splunk Cloud apps that are detailed on Splunk Cloud app requirements and best practices.
Next, to verify that you've fulfilled all of the Splunk Cloud requirements, run the AppInspect tool in precert mode with the cloud tag set. Specifically, run the following command, which assumes that you have installed and configured the AppInspect tool:
splunk-appinspect inspect path/to/splunk/splunk_app.tgz --mode precert --included-tags cloud
Look through the inspect command results:
Cloud vetting is comprised of an automated and an optional manual process. That is, Splunk first runs the AppInspect tool to perform automated vetting, and then, if necessary, a Splunk employee performs a manual vetting process to further evaluate the app.
The criteria that Splunk uses to vet a Splunk app for Splunk Cloud are listed on Splunk Cloud app requirements and best practices. Be aware that these criteria are always subject to change as new security threats are discovered and the Splunk platform is updated.
If the AppInspect tool returns no failures, and either doesn't require or passes any required manual checks, Splunk will most likely approve the Splunk app for Splunk Cloud. If the Cloud vetting was requested by a Splunk Cloud customer, the app is installed on the customer's Splunk Cloud instance upon successful Cloud vetting.
If a Splunk app has already been successfully vetted for Splunk Cloud, new versions of the Splunk app will most likely be more quickly vetted.