Install the agent management versioned app retrieval add-on

Install and configure the agent management versioned app retrieval Add-on for Splunk Enterprise 10.2 for agent management to automate artifact downloads from GitHub, GitLab, JFrog, or Nexus repositories.

To ensure a successful installation, confirm you have the following:

  • Administrator access to the agent management instance
  • Splunk user credentials for API access
  • Valid authentication credentials (token or password) for your external repository
  • Write permissions to the $SPLUNK_HOME/etc/apps directory
  • Network connectivity to the external repositories

Install the agent management versioned app retrieval add-on on your agent management instance to automate the download and deployment of Splunk apps from external repositories. The add-on supports GitHub, GitLab, JFrog Artifactory, and Sonatype Nexus Repository repositories.

  1. Download the agent management versioned app retrieval add-on from Splunkbase.
  2. Extract the add-on archive to the apps directory on agent management: %SPLUNK_HOME%\etc\apps\.
  3. Adjust the execution interval for checking external repositories.

    The default interval is every 5 minutes. To change this, edit the interval parameter in the [external_data_sources_add_on] stanza in $SPLUNK_HOME/etc/apps/\agent_management_versioned_app_retrieval/local/inputs.conf.

    If you modify this after restart, you must restart Splunk again for the change to take effect.

    Default interval cron job value is specified in $SPLUNK_HOME/etc/apps/agent_management_versioned_app_retrieval/default/inputs.conf.

  4. Restart Splunk so that it reads the new app configuration.
  5. Configure secrets required to access external repository. Store your repository credentials in Splunk secrets storage.

    Replace the placeholders with your actual values:

    • <splunk_user> and <splunk_password>: Credentials of a Splunk administrator
    • <secrets_storage_username>: A unique identifier for this credential (can be any value, for example, "github_token")
    • <secret>: Your repository token (for Bearer authentication) or credentials in the format "username:password" (for Basic authentication)
    CODE 
    curl -k -u <user>:<password> "https://localhost:8089/servicesNS/nobody/agent_management_versioned_app_retrieval/storage/passwords" -d name=<secrets_storage_username> -d password=<secret>
  6. Configure an external repository input:
    1. In Splunk Web, select Settings > Data Inputs.
    2. In the Local inputs table, go to Agent management versioned app retrieval line, and select Add new.
    3. On the Add Data page, enter your repository configuration parameters.
      For detailed parameter descriptions, see Input parameters for agent management versioned app retrieval .
    4. Select ... to save the data input.

The agent management versioned app retrieval add-on is now installed and configured. The add-on will begin checking for artifacts according to the configured schedule (default: every 5 minutes).

To verify the installation:

  1. Check that the add-on appears in Settings > Apps > Manage Apps.
  2. Verify that your input configuration appears in Settings > Data Inputs > Agent management versioned app retrieval.
  3. Monitor the add-on logs at $SPLUNK_HOME/var/log/splunk/agent_management_versioned_app_retrieval.log for the first execution cycle.

For troubleshooting information, see Log files for agent management versioned app retrieval add-on .