Installation

Help downloading an app from Splunkbase on Mac desktop (Splunk enterprise in a VM Ubuntu distro)?

dxw350
Path Finder

I am trying to understand how when I downloaded an app from Splunkbase in .tgz and I put it on my Mac Desktop I was able to install on Splunk without having to physically untar and move it to the Ubuntu /splunk/etc folder.

How did it do this automatically even if the .tgz was only available from the host MAC desktop? My Splunk enterprise was installed in a VM Ubuntu distro.

Labels (2)
0 Karma
1 Solution

Richfez
SplunkTrust
SplunkTrust

Let me try to put this in order, because if I have this right then the reason is clear and I'll explain at the end:

You downloaded a tgz file from splunkbase.
You saved that on your Mac's desktop.
You logged into the VM's Splunk instance.
You clicked in that Splunk instance to apps, and installed a new one.
You picked the tgz file you saved as the file to upload and install.
It uploaded it and installed it.

If that's the right thing, more or less, then the answer is simple.

Splunk's "apps" install from a .tgz file or an .spl file. They're the same things, just renamed .tgz to .spl in the .spl case. When you install either one using the UI, it uploads it to the local Splunk instance you are on, unzips it into place, then generally asks you to restart Splunk to pick up the changes.

So, no magic. Well, no "extra" magic, anyway. It's just untarring it for you.

Happy Splunking,
Rich

View solution in original post

Richfez
SplunkTrust
SplunkTrust

Let me try to put this in order, because if I have this right then the reason is clear and I'll explain at the end:

You downloaded a tgz file from splunkbase.
You saved that on your Mac's desktop.
You logged into the VM's Splunk instance.
You clicked in that Splunk instance to apps, and installed a new one.
You picked the tgz file you saved as the file to upload and install.
It uploaded it and installed it.

If that's the right thing, more or less, then the answer is simple.

Splunk's "apps" install from a .tgz file or an .spl file. They're the same things, just renamed .tgz to .spl in the .spl case. When you install either one using the UI, it uploads it to the local Splunk instance you are on, unzips it into place, then generally asks you to restart Splunk to pick up the changes.

So, no magic. Well, no "extra" magic, anyway. It's just untarring it for you.

Happy Splunking,
Rich

Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...