Installing Apps
As a Splunk developer, you should be aware of the three methods to install Apps. There are advantages and disadvantages to each method, but no required method. It is mostly personal preference as to which method is used by the end user, but, typically, newer Splunk users will use the Web interface, while advanced users will use the command line. Let's review those methods, just to keep them fresh in your mind.
Splunk Web
Installing Apps via Splunk Web is simple. Once you have downloaded the App from its source, you navigate to the Manage Apps section of Splunk. You will find this at the top-left of Splunk Web, as shown in the following screenshot:
Once you have clicked on Manage Apps, you will see a button to install the app from a file. You can also browse the Splunk App store, using the first button:
This brings you to a form that you can use to actually install the App. Simply click on the Browse button, select the file you downloaded, check the Upgrade button if this App has already been installed, and then click on Upload. That's it! Splunk takes the App, installs it, and prompts to restart if needed:
The Splunk command line
CLI holds a special place in many *nix admins' hearts. It is entirely possible to install Apps via the command line alone. Doing so requires having the following: access to the physical (or virtual) server and enough permissions to perform CLI commands with Splunk. All commands are going to be executed from $SPLUNK_HOME, which normally defaults to /opt/splunk. Follow these steps to install an App via CLI:
- Copy the App file (either a
*.tgzor*.splfile) to the filesystem. - Run the
./bin/splunk install app <path_to_file>command.
Splunk will install the App. You may be prompted to restart, depending on the contents of the App. Index-time configurations require a restart, whereas search-time configurations do not.
Unzipping using the command line
The final methodology is to perform an unzip/untar. If the App was constructed properly, the only steps you need to perform are as follows:
- Copy the file to
$SPLUNK_HOME/etc/apps. - Change the file extension from
.splto.zip. - Use your favorite utility and unzip the file into the folder.
Note
Caution! This will overwrite any other settings you have configured, including local configurations (if present in the zip file). We will cover directory structure in the next chapter.
Tip
Downloading the example code
You can download the example code files from your account at http://www.packtpub.com for all the Packt Publishing books you have purchased. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
