About Cloud vetting

Cloud vetting is a process in which Splunk determines whether an app is ready for use on Splunk Cloud. While app developers can request that their apps be vetted for Splunk Cloud readiness, in general it is Splunk Cloud customers who request vetting of a particular Splunk app. This topic provides a brief overview of the Cloud vetting process.

Note: If you submit your Splunk app for app certification, it will undergo Cloud vetting as part of the certification process. You do not need to request Cloud vetting separately.

Why Cloud vetting?

If a Splunk Cloud customer wants to run a Splunk app that is available on Splunkbase, the app must first be evaluated for suitability for Splunk Cloud. There are several crucial differences between Splunk Enterprise and Splunk Cloud, and Cloud vetting is necessary to help ensure the security of the Splunk Cloud environment and the data stored in that environment. While the vast majority of Splunk apps available on Splunkbase are ready for Splunk Enterprise, they have not all been evaluated or certified for use on Splunk Cloud. Some apps are suitable for an on-premises Splunk Enterprise instance, but aren't appropriate when data needs to be transmitted and stored in a cloud environment.

How to request Cloud vetting

Cloud vetting is primarily a customer-driven process. That is, Splunk Cloud customers can request that Cloud vetting be performed on a Splunk app on Splunkbase. To do so, a Splunk Cloud customer opens a support ticket with Splunk Support.

If you're a Splunk app developer who wants to vet your Splunk app for Splunk Cloud, get your app certified. First, follow the instructions provided in Prepare your Splunk app for Cloud vetting. Once you've prepared your Splunk app, submit your app for certification. Certified Splunk apps are analyzed according to a strict set of criteria, including suitability for installation and use on Splunk Cloud.

Prepare your Splunk app for Cloud vetting

To prepare your Splunk app for Cloud vetting, first review the requirements and recommendations for Splunk Cloud apps that are detailed on Splunk Cloud app requirements and best practices.

Next, to verify that you've fulfilled all of the Splunk Cloud requirements, run the AppInspect tool in precert mode with the cloud tag set. Specifically, run the following command, which assumes that you have installed and configured the AppInspect tool:

splunk-appinspect inspect path/to/splunk/splunk_app.tgz --mode precert --included-tags cloud

Look through the inspect command results:

  • One or more failures indicate that the Splunk app failed Cloud vetting, and is therefore not approved for installation on Splunk Cloud. The Splunk app developer should fix the failures, and then try running the command again.
  • One or more manual checks indicate that the Splunk app will require manual checking as part of the Cloud vetting process. This means that, if the Splunk app is submitted for Cloud vetting, a Splunk employee will check the app manually. The Cloud vetting process will most likely take longer, though the Splunk app is not any more or less likely to be approved. If you review the items flagged for manual checking against the Splunk Cloud app requirements and best practices before you submit, those items will be more likely to pass. Developers who clearly comment their work will be most likely to pass vetting, because they will have addressed possible concerns before submitting.
  • Apps that return zero failures or manual checks will most likely be quickly approved for installation on Splunk Cloud.
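As an added example (not part of Splunk's documentation or the AppInspect tool), the following Python script applies the three rules above to a JSON report from the inspect command, so that a build pipeline can stop on failures and list what a reviewer will check by hand. The report layout, the key names, and the check names are assumptions, and the sample report is constructed.

```python
import json
import sys

# Constructed sample. The reports -> groups -> checks layout and the "name" /
# "result" keys are assumptions about the inspect command's JSON report.
SAMPLE_REPORT = {
    "reports": [{"groups": [
        {"name": "example_group_a", "checks": [
            {"name": "example_check_network", "result": "failure"},
            {"name": "example_check_binary", "result": "manual_check"},
            {"name": "example_check_conf", "result": "success"}]},
        {"name": "example_group_b", "checks": [
            {"name": "example_check_script", "result": "manual_check"}]},
    ]}]
}


def triage(report):
    """Classify a report into one of the three outcomes listed above."""
    checks = [c for r in report.get("reports", [])
              for g in r.get("groups", [])
              for c in g.get("checks", [])]
    if not checks:
        # Fail closed: an empty or malformed report is not a clean report.
        raise ValueError("no checks found in report")

    def names(result):
        return sorted(c.get("name", "<unnamed>") for c in checks
                      if c.get("result") == result)

    failures, manual = names("failure"), names("manual_check")
    if failures:
        verdict = "failed"            # fix the failures, then rerun inspect
    elif manual:
        verdict = "manual_review"     # a Splunk employee will check these
    else:
        verdict = "likely_approved"
    return {"verdict": verdict, "failures": failures, "manual_checks": manual}


if __name__ == "__main__":
    report = SAMPLE_REPORT
    if len(sys.argv) > 1:             # optional: path to a saved JSON report
        with open(sys.argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    outcome = triage(report)
    print(json.dumps(outcome, indent=2))
    sys.exit(1 if outcome["verdict"] == "failed" else 0)
```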

How Cloud vetting works

Cloud vetting consists of an automated process and an optional manual process. That is, Splunk first runs the AppInspect tool to perform automated vetting, and then, if necessary, a Splunk employee performs a manual vetting process to further evaluate the app.

The criteria that Splunk uses to vet a Splunk app for Splunk Cloud are listed on Splunk Cloud app requirements and best practices. Be aware that these criteria are always subject to change as new security threats are discovered and the Splunk platform is updated.

If the AppInspect tool returns no failures, and the app either requires no manual checks or passes the manual checks that are required, Splunk will most likely approve the Splunk app for Splunk Cloud. If the Cloud vetting was requested by a Splunk Cloud customer, the app is installed on the customer's Splunk Cloud instance upon successful Cloud vetting.

If a Splunk app has already been successfully vetted for Splunk Cloud, new versions of the Splunk app will most likely be vetted more quickly.