Automate the download of artifacts from configured external repositories

Integrate with external repositories using the agent management versioned app retrieval add-on to automatically downloads and extracts artifacts from configured external repositories. After reloading agent management, new apps are available for deployment.

Automate the download of artifacts from external repositories and update your agent management deployment. After reloading agent management, new apps are available for deployment. It enables you to maintain up-to-date Splunk apps for agent deployment.

How it works

The agent management versioned app retrieval add-on connects to configured external repositories to fetch Splunk applications. Once a repository is set up, the add-on operates on a defined schedule, automatically detecting, downloading, and extracting new or updated applications to a specified target directory within Splunk ($SPLUNK_HOME/etc/deployment-apps).

Key benefits include the following:

  • Secure authentication: Authentication tokens required for connecting to external repositories (such as GitHub, GitLab, JFrog Artifactory, Sonatype Nexus Repository) are securely stored within Splunk secret storage, ensuring sensitive credentials are protected.
  • External repositories support: this add-on supports the following external repositories: GitHub, GitLab, JFrog Artifactory, Sonatype Nexus Repository.
  • Custom trust bundles: For environments using self-signed certificates (for example, privately hosted repository), the agent management versioned app retrieval add-on allows for the integration of custom trust bundles. Administrators can simply drop their certificates into the lib/certify/carcert.pem file.
  • Scheduled monitoring and auto-updates: The add-on continuously monitors configured external repositories for changes. Upon detecting a new or updated application on its schedule, the add-on automatically downloads it and extracts to a configured path.

Workflow overview

The agent management versioned app retrieval add-on follows this workflow:
  1. Checks configured external repositories on the scheduled interval.
  2. Compares available artifact versions with currently downloaded versions.
  3. Downloads new artifacts if a newer version is available.
  4. Saves artifacts to the output directory.
  5. Extracts artifacts to the configured extraction path.
  6. Reloads agent management to make new apps available.

Download process

The agent management versioned app retrieval add-on checks for and downloads the latest artifact version according to a user-specified schedule. If no newer version is available, the add-on takes no action during that scheduled run.

Artifact storage and extraction

Upon successful download, the add-on saves the artifact to $SPLUNK_HOME/etc/apps/agent_management_versioned_app_retrieval/output/<stanza_name>, where <stanza_name> is the name of the input configuration defined in inputs.conf, and then extracts it to a user-configured path.

The add-on retains the two most recent artifact versions for each configuration, automatically removing older versions when new artifacts download.

Agent management reload

After processing all inputs, the add-on reloads agent management if any configuration had an artifact update. This ensures that agent management reads all new app versions that have just been uploaded, making these apps available for deployment to agents.

Example

If you configured a GitHub repository with the stanza name "github_apps", the add-on does the following:

  1. Downloads the latest archive from the configured GitHub repository.
  2. Saves it to $SPLUNK_HOME/etc/apps/agent_management_versioned_app_retrieval/output/github_apps/
  3. Extracts the apps to $SPLUNK_HOME/etc/deployment-apps/ (if that is your configured extract_path).
  4. Reloads agent management to make the apps available for agent deployment.

Verification

To verify successful downloads, check the add-on logs at $SPLUNK_HOME/var/log/splunk/agent_management_versioned_app_retrieval.log.