Getting Data In

Using the REST API to install an app from a file

lguinn2
Legend

Under the topic POST apps/appinstall in the REST API manual, it says that appinstall "Installs a Splunk app from a local file or from a URL."

What is the meaning of "local file"? Is the file on the Splunk server or is it local to the machine that is posting the request? For example, I have an app on my laptop that I want to install on a remote Splunk machine using the REST API - will this work? [If you can answer any of these questions, you can skip the rest of this!]

Also, if I want to use python to make the REST API call, how do I set up the call using the Python SDK? Here is some code, but it doesn't work

install_endpoint=client.Endpoint("/services/apps/appinstall","")
app_to_install = { 'name' : "/mylaptop/myApp.spl" }
response = install_endpoint.post(path_segment='', owner=None, app=None, sharing=None, **app_to_install)

This code dies with an error on the third line "AttributeError: 'str' object has no attribute '_abspath'"

Note that prior to this snippet, the code was able to connect to the Splunk server and list the apps that were already installed on the machine. So I think that I just don't understand the arguments to the post function, and maybe I don't understand other aspects of the REST API either.

Please don't give me a curl example - I have several of those but I don't know how to map the curl arguments into the Python objects, attributes and functions. I have looked at the Python SDK manual and the REST API manual until I am cross-eyed, and I went through a number of examples that were provided with the SDK as well...

1 Solution

Damien_Dallimor
Ultra Champion

It is a file local to the remote Splunk server. I just executed this successfully to verify.

Also , no Splunk restart was required.App was installed and ready to go.

Here is some Python code for you :

import splunklib.client as client

def main():

    args = {'host':'remote-splunk','port':8089,'username':'admin','password':'foobar'}
    service = client.connect(**args)  
    params = {'name':'/home/remotedamien/someapp.spl'}
    service.post('apps/appinstall',**params)

if __name__ == '__main__':
    main();

View solution in original post

Damien_Dallimor
Ultra Champion

It is a file local to the remote Splunk server. I just executed this successfully to verify.

Also , no Splunk restart was required.App was installed and ready to go.

Here is some Python code for you :

import splunklib.client as client

def main():

    args = {'host':'remote-splunk','port':8089,'username':'admin','password':'foobar'}
    service = client.connect(**args)  
    params = {'name':'/home/remotedamien/someapp.spl'}
    service.post('apps/appinstall',**params)

if __name__ == '__main__':
    main();

lguinn2
Legend

Thank you!

When I am doing something for the first time, it is often the simple things that stymie me! The example of the service.post() helps a lot.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...