docker-splunk icon indicating copy to clipboard operation
docker-splunk copied to clipboard

Published 20 hours ago verified publisher icon splunk

Easier use of add-on builder

Open MKletz opened this issue 4 years ago • 3 comments
trafficstars

Hello, we make frequent use of the add-on builder with a local container for development. I think it would make a lot of lives easier if there was a docker image with the add-on builder pre-installed with parameters to accept a path to a project file to import. Not sure how possible this is.

MKletz avatar May 28 '21 16:05 MKletz

Is this the add-on builder you're referring to? https://splunkbase.splunk.com/app/2962/

I'm not too familiar with this product myself, but could you briefly describe the workflow you're using with this + the docker image?

nwang92 avatar Jun 05 '21 00:06 nwang92

@nwang92 yes that is what I'm reffering too, we currently use this to build custom TAs for our Splunk environment but do our development within a local container. The current process below requires several manual steps and developers to have a Splunkbase account to use. Ideally there is a development focused fork of the container or just some options that can pre-install the dev environment and import a project file.

Currently we have to:

  1. start the container
  2. install the add-on
  3. import the project file for our TA.

MKletz avatar Jun 09 '21 15:06 MKletz

@MKletz FYI the SPLUNK_APPS_URL accepts any URL to download/install any app when starting the container and not only limited to Splunkbase. As example, you can host the add-on builder on S3 and simply add the HTTP location to the environment. I do the same with pre-installing the BotsV3 dataset by specifying SPLUNK_APPS_URL=https://botsdataset.s3.amazonaws.com/botsv3/botsv3_data_set.tgz.

AddonBuilder projects are regular splunk apps, so you can apply the same method to automatically download your custom projects as well :)

PS. Any credentials you specify in the SPLUNKBASE_PASSWORD will automatically be used when downloading the apps from non-splunkbase URLs as well. This way you can add some basic form of authentication. As an alternative, I use a CICD pipeline that pushes custom apps via HTTP to any Splunk web endpoint. You can find the Python script here if this can be of use to you: https://github.com/d3vzer0/splunk-buildtools/blob/master/upload.py

d3vzer0 avatar Aug 17 '21 09:08 d3vzer0