Splunk® Add-on Builder

Splunk Add-on Builder User Guide

This documentation does not apply to the most recent version of Splunk® Add-on Builder. For documentation on the most recent version, go to the latest release.

Upgrade the Splunk Add-on Builder

Use Splunk Web to upgrade the Add-on Builder.

Because the Splunk Add-on Builder version 4.0.0 and later is compatible with only Python 3, version 3.0.0 and later of the Add-on Builder is also only compatible with Splunk version 8.0.0, which also runs on Python 3. See Python 3 Migration.

Do not delete the $SPLUNK_HOME/etc/apps/splunk_app_addon-builder folder before upgrading the app. You need this folder to configure previous projects in the upgraded version of the Add-on Builder.

  1. Download the Splunk Add-on Builder from Splunkbase.
  2. Log into Splunk Web.
  3. Click Manage Apps.
  4. On the Apps page, click Install app from file.
  5. Click Choose File and navigate to the Splunk Add-on Builder package file, then click Open.
  6. Select Upgrade app.
  7. Click Upload.
  8. After upgrade, clear the browser cache and reload the page (CMD+shift+R on Mac OSX or CTRL+shift+R on Windows) to apply the new UI changes.

Migrate your existing add-ons

When you migrate your previously created add-ons they become Python 3 compatible. This upgrade cannot be reverted.

The following migration task must be performed using version 8.2.0 of Splunk Enterprise.

  1. in your Add-on Builder user interface, click the Import Project button and select the package with the addon that you want to upgrade.
  2. Wait for it to be imported
  3. Depending on your addon settings it will be visible either in Splunk Apps or in Add-on Builder user interface

Migrate modular inputs and alerts

By default, all modular inputs and alerts built by version 4.0.0 and later are Python 3 compatible on Splunk 8.0.


Upgrade from version 4.1.1 or lower to version 4.1.2 or above of the Splunk Add-on Builder

For Add-ons created using AOB 4.1.1 or older, connections to insecure URLs without proper CA certificate were also allowed. To address this security vulnerability complete the following tasks.

Splunk Add-on Builder admin steps

  1. Upgrade the Splunk Add-on Builder to v4.1.2 or above.
  2. Edit and save all the REST API inputs.
  3. Validate & Package the custom app again.
  4. Ship the custom app to the customer asking them to follow the below steps.

Customer steps

  1. Upgrade the custom App from the Splunk UI.
  2. Restart Splunk. Note that all the REST API inputs containing the self signed URL will now begin to fail. Go to the next step to mitigate this.

Customer step to successfully run the REST API inputs containing the URLs with self signed certificate

  1. Download the self signed certificate for the URL used.
  2. Place it in the $SPLUNK_HOME/etc/apps/TA-<ta_name>/bin/ta_<ta_name>/aob_py3/certifi/cacert.pem
Last modified on 05 April, 2024
Design your add-on   Import and export an add-on project

This documentation applies to the following versions of Splunk® Add-on Builder: 4.2.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters