Take a moment to complete our quick CSAT survey.Fill the survey
Search

 Package apps for Splunk Cloud Platform or Splunk Enterprise

On this page

An app package is a compressed tar archive, or tarball, with a .spl, .tgz, or .tar.gz file extension and contains the app directory and its files. An app must be packaged in order to distribute it. Users can install packaged apps directly from Splunkbase using Splunk Web or the command line. Administrators can deploy packaged apps to private Splunk platform deployments.

A packaged app contains the app directory structure and can include files for the following:

  • Resources such as icons, images, and a readme
  • Configurations and permissions
  • Lookups
  • Dashboards, views, and visualizations
  • Scripts, code, and dependencies

At a minimum in Splunk Web, an app package must contain the following files:

  • The app.conf configuration file
  • The default.xml app navigation file

Splunkbase has additional requirements that an app package must meet for approval. For a list of Splunkbase requirements, see Reference for Splunkbase file standards.

Apps intended for Splunk Cloud Platform must pass cloud vetting. See Vet apps and add-ons for Splunk Cloud Platform.

 Tools for packaging apps

Use one of the following tools to package your Splunk apps.

 Splunk Packaging Toolkit

The Splunk Packaging Toolkit provides tools for authoring, partitioning, packaging, and validating a Splunk app. The Packaging Toolkit helps improve various aspects of app management, including installation, configuration, and updates.

The Packaging Toolkit CLI uses the slim command with the following syntax:

slim [-v] [-h] [--debug] [--quiet]
            {config,describe,generate-manifest,package,partition,validate,update-installation} ...

For more information, see Package apps for Splunk Cloud Platform or Splunk Enterprise using the Splunk Packaging Toolkit.

 Splunk Enterprise CLI command

The Splunk Enterprise CLI includes a splunk package app command for packaging apps. This command creates a tar archive of the app directory and saves the package with the .spl file extension to $SPLUNK_HOME/share/splunk/app_packages.

The splunk package app command merges the app /local directory with the /default directory. If you have any local configurations that you do not want in the app package, remove the /local directory before you package the app.

Info Circle

The app directory must be located in $SPLUNK_HOME/etc/apps to use this command.

To package an app using the Splunk Enterprise CLI, do the following:

  1. Open a command prompt in $SPLUNK_HOME/bin.

  2. Enter the following command:

    splunk package app <appname>

    If you are not logged in, you are prompted to do so.

The following example shows what this process might look like on Windows:

C:\> cd %SPLUNK_HOME%/bin

C:\Program Files\Splunk\bin> splunk package app myapp
App 'myapp' is packaged.
Package location: C:\Program Files\Splunk\share\splunk\app_packages\myapp.spl

For more about the Splunk Enterprise CLI, see About the CLI in the Splunk Enterprise Admin Manual.

 Third-party utilities and CLI commands

You can manually create an app package using OS-specific CLI commands and utilities for working with tar archives. For example, you could use the tar command on *nix systems to package an app as follows: 

COPYFILE_DISABLE=1 tar --format ustar -cvzf <appname>.tar.gz <appname_directory>

 See also

Splunk, Splunk ›, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2025 Splunk Inc. All rights reserved.