wget URL for apps

cutmedia
Engager

Thanks Splunk for such a great and powerful system.

I'm trying to do a scripted deploy using this URL.

http://splunkbase.splunk.com/apps:download/Splunk+for+Unix+and+Linux/4.5/unix.spl

wget doesn't work on it. What is the best method of getting the app or any other app onto the deployment client?

Thanks,
Justin

bandit
Motivator

I'd like to see this ability to use wget as well. It would be much faster than downloading to my workstation and having to use scp and/or jump hosts in some cases to transfer files around.

That being said, I have been able to drop install and app files on our deployment server in the static folder which I can access via wget from other servers.

Any folders/files placed in $SPLUNK_HOME/etc/system/static can be accessed via the following URL which you can call via wget or curl.
https://your-splunk-server.com:8089/static

0 Karma

rturk
Builder

Hi Justin,

I agree with what jgedeon120 said. Some apps (in this case the *nix app) require some manual post-installation configuration before they actually start collecting and forwarding data. My advice would be to:

  • Download the *nix app and install it on a full test Splunk installation on one of your Unix servers.
  • Configure the files you would like your forwarders to send into Splunk (you can either do this via the web GUI or through the config files if you're happy to do that)
  • Create a test index on your Splunk Indexer (eg. unix_test)
  • Configure your forwarder to send events to your Indexer with 'unix_test' as the target index.
  • Confirm that the events are coming through correctly, with the timestamp, host, source & sourcetypes being what you expect them to be.
  • Once you're happy with all of the above, change the target index back to your default index, zip/tarball up the $SPLUNK_HOME/etc/apps/unix/ directory, then deploy this to your environment.
  • Remove the test index.

Now you'll have a *nix app that has been configured specifically for your environment.

If you've got a lot of servers, I'd recommend using a Deployment Manager, but the steps above are a fairly high-level summary of where I think you want to get to.

Hope this helps!

jgedeon120
Contributor

Justin,

You could download the apps that you want to deploy and host them to a location that they can be downloaded from and then use that location. This way, you know for sure that the version will match in the possible event that something is changed between the installs.

0 Karma

klausg
Explorer

There really should be a wget URL for every app. The Splunk installer, and universal forwarder are available using wget so why are the apps not?
Today we configure every machine using tools like Ansible, Chef, or Puppet; it's part of the disaster recovery. Since apps can't be downloaded on the host using wget, we have to check them into the git repo along with the Ansible scripts, and this is really bad practice. Alternatively we can put them into a public maven repo, or an S3 bucket, but that's just workarounds.

kamal2222ahmed
Explorer

I second that, as I am using Chef to set up apps for Splunk on the target nodes.

0 Karma
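
The replies above suggest hosting app packages on an internal location (the static folder, an S3 bucket) and pulling them with wget. The following is an added example, not code from any poster or from Splunk, of checking such a package before it is unpacked: it compares the file against a pinned SHA-256 and rejects archives whose entries would land outside the app directory. The function names and return codes are hypothetical, and it relies on a `.spl` package being a gzip-compressed tarball.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, argument order
# and return codes are assumptions made for illustration.

# sha256_of FILE: print the file's SHA-256 as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# archive_is_safe FILE APP: succeed only if the gzip tarball lists at least
# one entry and every entry sits under APP/ with no absolute path or "..".
archive_is_safe() {
    tar -tzf "$1" 2>/dev/null | awk -v app="$2" '
        { n++; sub(/^\.\//, "") }
        /^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 }
        $0 != app && $0 != (app "/") && index($0, app "/") != 1 { bad = 1 }
        END { if (bad || n == 0) exit 1 }'
}

# install_app FILE EXPECTED_SHA256 APP APPS_DIR
# Returns 0 installed, 2 digest mismatch, 3 unsafe archive, 4 extract failed.
install_app() {
    pkg=$1; want=$2; app=$3; dest=$4
    got=$(sha256_of "$pkg")
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "digest mismatch for $pkg (got: ${got:-none})" >&2
        return 2
    fi
    if ! archive_is_safe "$pkg" "$app"; then
        echo "refusing $pkg: entries outside $app/" >&2
        return 3
    fi
    tar -xzf "$pkg" -C "$dest" || return 4
}

# Script usage: install_app.sh unix.spl <pinned-sha256> unix "$SPLUNK_HOME/etc/apps"
if [ "$#" -eq 4 ]; then
    install_app "$@"
fi
```

Record the digest when the package is first downloaded and reviewed, and keep it alongside the Ansible, Chef or Puppet code so that only the small hash, not the package, lives in the repo.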