Export Splunk Cloud apps

Export Your Splunk Cloud Apps

Splunk Cloud Platform recently got an exciting new feature, it’s the new app export feature which provides cloud admins self-service capability to export app configuration files and associated app data.

Before this feature, app exports were only available through a time-consuming support ticket process. With this self-service feature, cloud admins can easily get a snapshot of their apps in Splunk Cloud that they could use for understanding, troubleshooting or further development of their apps. App export is accessible via Admin Config Service (ACS), either using their REST APIs or by ACS commandline. This feature is currently limited to Splunk Cloud platforms on the Victoria experience. 

This blog post provides detailed instructions on exporting Splunk Cloud apps using the ACS CLI tool. If you’re new to ACS CLI, we recommend reviewing our detailed tutorial on its configuration and common operations.

Configure ACS CLI

As a first step, we need to configure ACS CLI to work with the Splunk Cloud stack. Follow the instructions given in Splunk documentation to configure ACS CLI. A few important things to consider,

  1. To use the app export feature using ACS, the Splunk deployment must meet these version requirements.
  2. Splunk Cloud Platform is deployed on Victoria experience. You can access the information about your Splunk Cloud Platform experience by navigating to the Splunk GUI → Help → About page.
  3. The user configured with ACS CLI should have export_apps role capabilities.

ACS supports exporting default, local, user configuration from private/Splunkbase apps except for a few restricted apps. More details of the restrictions can be found in the Splunk documentation.

Exporting app configuration

After configuring ACS CLI, the next step is to prepare a JSON file with the list of app IDs of the apps that need to be exported. Here is an example of the json file content:

This file will be used in the export command to tell ACS which app’s configuration to be exported. For this demo, i have the JSON file ‘app_export.json’ with the following content:

Meta_Woot  is a Splunkbase app and as the name suggests my_private_app is a private app I created.

To download the whole content of the apps, run the following command:

Apps were exported in .tar.gz format. 

Splunk Cloud Export

Extracting the gzip files provides the full content of the app including the user configuration located in $SPLUNK_HOME/etc/users/<user_name>/<app_name>/local

You may not always need to export the whole content of the app, to limit the data export, ACS CLI provides the following flags:

Here is an example of using the data export flags:

This will limit the export to only configuration files available in default and local folder. Based on the requirement, the flags can be modified to export the needed data. 

A few additional things to note; Along with the data export flags, there are a few more flags acs app export command provides which helps directing the export path, and log file path for the export operation. Run acs apps export --help command to get the full list of options available

In summary, exporting apps from Splunk Cloud using ACS commandline is a straightforward process that can save you time and effort. Follow the steps in this blog post to easily understand how to configure ACS commandline and export your apps.


Looking to expedite your success with Splunk? Click here to view our Professional Service offerings.

© Discovered Intelligence Inc., 2024. Unauthorized use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.