Install and configure the agent management versioned app retrieval Add-on for Splunk Enterprise 10.2 for agent management to automate artifact downloads from GitHub, GitLab, JFrog, or Nexus repositories.
To ensure a successful installation, confirm you have the following:
- Administrator access to the agent management instance
- Splunk user credentials for API access
- Valid authentication credentials (token or password) for your external repository
- Write permissions to the $SPLUNK_HOME/etc/apps directory
- Network connectivity to the external repositories
Install the agent management versioned app retrieval add-on on your agent management instance to automate the download and deployment of Splunk apps from external repositories. The add-on supports GitHub, GitLab, JFrog Artifactory, and Sonatype Nexus Repository repositories.
- Download the agent management versioned app retrieval add-on from Splunkbase.
- Extract the add-on archive to the apps directory on agent management:
%SPLUNK_HOME%\etc\apps\.
- Adjust the execution interval for checking external repositories.
The default interval is every 5 minutes. To change this, edit the interval parameter in the [external_data_sources_add_on] stanza in $SPLUNK_HOME/etc/apps/\agent_management_versioned_app_retrieval/local/inputs.conf.
If you modify this after restart, you must restart Splunk again for the change to take effect.
Default interval cron job value is specified in $SPLUNK_HOME/etc/apps/agent_management_versioned_app_retrieval/default/inputs.conf.
- Restart Splunk so that it reads the new app configuration.
- Configure secrets required to access external repository. Store your repository credentials in Splunk secrets storage.
Replace the placeholders with your actual values:
<splunk_user> and <splunk_password>: Credentials of a Splunk administrator
<secrets_storage_username>: A unique identifier for this credential (can be any value, for example, "github_token")
<secret>: Your repository token (for Bearer authentication) or credentials in the format "username:password" (for Basic authentication)
curl -k -u <user>:<password> "https://localhost:8089/servicesNS/nobody/agent_management_versioned_app_retrieval/storage/passwords" -d name=<secrets_storage_username> -d password=<secret>
- Configure an external repository input:
- In Splunk Web, select .
- In the Local inputs table, go to Agent management versioned app retrieval line, and select Add new.
- On the Add Data page, enter your repository configuration parameters.
- Select ... to save the data input.
The agent management versioned app retrieval add-on is now installed and configured. The add-on will begin checking for artifacts according to the configured schedule (default: every 5 minutes).
To verify the installation:
- Check that the add-on appears in .
- Verify that your input configuration appears in .
- Monitor the add-on logs at $SPLUNK_HOME/var/log/splunk/agent_management_versioned_app_retrieval.log for the first execution cycle.