CLI Wrapper for Splunk AppInspect: Getting API on the Command Line

If you’ve ever built a Splunk app and vetted it for Splunk Enterprise or Splunk Cloud, you probably used Splunk’s AppInspect tool.

While Splunk provides a CLI (command line) tool and API for AppInspect, the CLI tool does not talk to the AppInspect API–that’s where our tool, CLI Wrapper for Splunk AppInspect, comes in.

Here at Hurricane Labs, we inspect a lot of Splunk apps, so having the versatility to interact with the API on the command line is important to us. Our tool lets us do just that–and we can also use it as part of our Continuous Integration solution for our Splunk apps. 

This post, and the associated video demo, walks you through installing and using this tool on macOS, but not to worry if you aren’t running a Mac. Our AppInspect tool is available for Linux and Windows, too.

Installing on macOS

1. In the terminal, we’re going to run: brew tap hurricanelabs/CLI-Wrapper-for-AppInspect-API

2. Then: brew install CLI-Wrapper-for-AppInspect-API

3. Once it’s installed successfully, you can run appinspect --help

The help output shows that the tool needs a file, accepts multiple tags, and needs the username and password for your Splunk account.

4. Run the tool: appinspect -f ~/path/to/your/splunk_app.tgz -t cloud -t future

I’m running the command with two tags: cloud and future. 

Note that because my username and password are set as environment variables on my system, it will automatically look for those values, so I don’t need to include them every time I run the command.

If you didn’t set your username and password as environment variables, then the following should work for you, with your Splunk account username and password in place of the placeholders: appinspect -u <username> -p <password> -f ~/path/to/your/splunk_app.tgz -t cloud -t future

5. Once it finishes processing, it will output the results to your command line. As you scroll through, you’ll see the output is color-coded to show what passed and failed for the tags that you provided.

Conclusion

There are other settings you can configure for this command line tool–just run the help menu and use what works for you. 

Happy Splunking!

The post CLI Wrapper for Splunk AppInspect: Getting API on the Command Line appeared first on Hurricane Labs.

*** This is a Security Bloggers Network syndicated blog from Hurricane Labs authored by Ian Gillespie. Read the original post at: https://hurricanelabs.com/splunk-tutorials/cli-wrapper-for-splunk-appinspect-getting-api-on-the-command-line/?utm_source=rss&utm_medium=rss&utm_campaign=cli-wrapper-for-splunk-appinspect-getting-api-on-the-command-line