Install the Splunk App for Content Packs
To access the content packs on the Data Integrations page of ITSI or IT Essentials Work, you have to install the Splunk App for Content Packs. You can install the Splunk App for Content Packs on your Splunk Cloud Platform or on-premises environment. The Splunk App for Content Packs is compatible with ITSI and IT Essentials Work on Splunk Cloud Platform.
Install the Splunk App for Content Packs on a Splunk Cloud Platform environment
The Splunk App for Content Packs is compatible with ITSI and IT Essentials Work on Splunk Cloud Platform. Splunk Cloud Platform customers can file a case requesting the Splunk App for Content Packs. Use the Splunk Support Portal at Support and Services or contact Splunk Customer Support. You can install the Splunk App for Content Packs on single-instance and distributed deployments.
Install the Splunk App for Content Packs on a single, on-premises environment
At this time, you can't install the Splunk App for Content Packs from the Splunk Web interface.
Follow these steps to install the Splunk App for Content Packs on a single, on-premises Splunk Enterprise environment.
- Download the Splunk App for Content Packs from Splunkbase.
- Put the downloaded file
splunk-app-for-content-packs_<latest_version>.spl
into $SPLUNK_HOME/etc/apps. - Stop your Splunk platform deployment. For example:
cd $SPLUNK_HOME/bin ./splunk stop
- Extract the installation package into $SPLUNK_HOME/etc/apps. For example:
tar -xvf splunk-app-for-content-packs_<latest_version>.spl -C $SPLUNK_HOME/etc/apps
On Windows, rename the file extension from .spl to .tgz first and use a third-party utility to perform the extraction.
The extracted directories have the following naming convention
DA-ITSI-CP-<contentpack>
andDA-ITSI-ContentLibrary
. - Start your Splunk platform deployment. For example:
cd $SPLUNK_HOME/bin ./splunk start
Install the Splunk App for Content Packs on a search head cluster environment
Follow these steps to to install the Splunk App for Content Packs on a search head cluster Splunk Enterprise environment.
- Download the Splunk App for Content Packs from Splunkbase.
- On the deployer, extract the Splunk App for Content Packs installation package into the $SPLUNK_HOME/etc/shcluster/apps directory. For example:
tar -xvf splunk-app-for-content-packs_<latest_version>.spl -C $SPLUNK_HOME/etc/shcluster/apps
- From the deployer, run the following command to deploy IT Essentials Work to the cluster members:
splunk apply shcluster-bundle -target <URI>:<management_port> -auth <username>:<password>
Note the following:
- The
-target
parameter specifies the URI and management port for any member of the cluster, for example,https://10.0.1.14:8089
. You specify only one cluster member but the deployer pushes to all members. This parameter is required. - The
-auth
parameter specifies credentials for the deployer instance.
For more information on deploying a configuration bundle, see Deploy a configuration bundle in the Splunk Enterprise Distributed Search Manual.
- The
Install the Splunk App for Content Packs on a distributed environment
You can install the Splunk App for Content Packs on any distributed Splunk Enterprise environment.
Where to install the Splunk App for Content Packs
Splunk instance type | Supported | Required | Actions required |
---|---|---|---|
Search heads | Yes | Yes | Install the Splunk App for Content Packs on all search heads. Search heads have to be running a compatible version of Splunk Enterprise. For compatible versions, see the compatibility matrix. |
Indexers | Yes | No | The Splunk App for Content Packs doesn't require indexers. |
License master | Yes | No | The Splunk App for Content Packs doesn't require a license master component. |
Heavy forwarders | Yes | No | The Splunk App for Content Packs doesn't contain a data collection component. |
Universal forwarders | Yes | No | The Splunk App for Content Packs doesn't contain a data collection component. |
Install the Splunk App for Content Packs for ITSI or IT Essentials Work 4.8.x and below
If you are using ITSI or ITE Work 4.8.x and lower, the install method through Splunk App for Content Packs isn't available. Instead, you have to download the content pack as a backup ZIP file and restore it using the backup/restore functionality. The ZIP files, when available, are embedded within the documentation in the installation steps of each content pack. For example, you can find the ZIP file for the Content Pack for ITSI Monitoring and Alerting on the install and configure topic. See Install and configure the Content Pack for ITSI Monitoring and Alerting. Note, many content packs were developed for install through the Splunk App for Content Packs only. As a result, these content packs don't have a ZIP file available in documentation.
Overview of the Splunk App for Content Packs | Migrate from legacy apps to content packs |
This documentation applies to the following versions of Splunk® App for Content Packs: 1.3.0, 1.4.0, 1.5.0
Feedback submitted, thanks!