Package apps for Splunk Cloud Platform or Splunk Enterprise
An app package is a compressed tar archive, or tarball, with a .spl, .tgz, or .tar.gz file extension and contains the app directory and its files. An app must be packaged in order to distribute it. Users can install packaged apps directly from Splunkbase using Splunk Web or the command line. Administrators can deploy packaged apps to private Splunk platform deployments.
A packaged app contains the app directory structure and can include files for the following:
- Resources such as icons, images, and a readme
- Configurations and permissions
- Lookups
- Dashboards, views, and visualizations
- Scripts, code, and dependencies
At a minimum in Splunk Web, an app package must contain the following files:
- The app.conf configuration file
- The default.xml app navigation file
Splunkbase has additional requirements that an app package must meet for approval. For a list of Splunkbase requirements, see Reference for Splunkbase file standards.
Apps intended for Splunk Cloud Platform must pass cloud vetting. See Vet apps and add-ons for Splunk Cloud Platform.
Tools for packaging apps
Use one of the following tools to package your Splunk apps.
Splunk Packaging Toolkit
The Splunk Packaging Toolkit provides tools for authoring, partitioning, packaging, and validating a Splunk app. The Packaging Toolkit helps improve various aspects of app management, including installation, configuration, and updates.
The Packaging Toolkit CLI uses the slim
command with the following syntax:
slim [-v] [-h] [--debug] [--quiet] {config,describe,generate-manifest,package,partition,validate,update-installation} ...
For more information, see Package apps for Splunk Cloud Platform or Splunk Enterprise using the Splunk Packaging Toolkit.
Splunk Enterprise CLI command
The Splunk Enterprise CLI includes a splunk package app
command for packaging apps. This command creates a tar archive of the app directory and saves the package with the .spl file extension to $SPLUNK_HOME/share/splunk/app_packages.
The splunk package app
command merges the app /local directory with the /default directory. If you have any local configurations that you do not want in the app package, remove the /local directory before you package the app.
The app directory must be located in $SPLUNK_HOME/etc/apps to use this command.
To package an app using the Splunk Enterprise CLI, do the following:
Open a command prompt in $SPLUNK_HOME/bin.
Enter the following command:
splunk package app <appname>
If you are not logged in, you are prompted to do so.
The following example shows what this process might look like on Windows:
C:\> cd %SPLUNK_HOME%/bin C:\Program Files\Splunk\bin> splunk package app myapp App 'myapp' is packaged. Package location: C:\Program Files\Splunk\share\splunk\app_packages\myapp.spl
For more about the Splunk Enterprise CLI, see About the CLI in the Splunk Enterprise Admin Manual.
Third-party utilities and CLI commands
You can manually create an app package using OS-specific CLI commands and utilities for working with tar archives. For example, you could use the tar
command on *nix systems to package an app as follows:
COPYFILE_DISABLE=1 tar --format ustar -cvzf <appname>.tar.gz <appname_directory>