Export apps in Splunk Cloud Platform
The Admin Config Service (ACS) API lets you export data from individual apps installed on your Splunk Cloud Platform deployment on a self-service basis.
ACS supports app export on Splunk Cloud Platform deployments on Victoria Experience only.
You can use ACS app export to retain a snapshot of your current app configuration and associated app data, which can be helpful for troubleshooting, configuration management, and app development purposes.
ACS supports export of app configurations, knowledge objects, and metadata from app/default, app/local, and users/app directories. For information on the Splunk app directory structure, see Anatomy of a Splunk app on the Splunk Developer Portal.
Requirements
To enable use of the ACS app export API, the sc_admin (cloud admin) can directly assign the export_apps role to any user without assistance from Splunk support.
To export apps using the ACS API:
- Your deployment must be on one of the following Splunk Cloud Platform versions:
- 9.2.2403.113 and higher
- 9.2.2406.109 and higher
- 9.3.2408.103 and higher
- 9.3.2411 and higher
To upgrade your Splunk Cloud Platform version, contact Splunk Support
- Your Splunk Cloud Platform deployment must be on Victoria Experience.
- You must hold the export_apps role or a role that contains the export_apps capability. The sc_admin role can assign the export_apps role to any user. The sc_admin role does not contain the export_apps capability by default, but sc_admin can directly assign itself the export_apps role or the export_apps capability.
ACS supports app export for most private apps and Splunkbase apps, with the exception of restricted Splunkbase apps. For more information on restricted apps, see Install restricted splunkbase apps in the Splunk Cloud Platform Admin Manual.
ACS does not support app export for premium apps, such as Splunk Enterprise Security or ITSI. ACS does not support app export for default apps, with the exception of the search app, for which ACS supports export of local and user configuration data only.
Set up the ACS API
Before using the ACS API, you must download the ACS OpenAPI 3.0 specification, which includes the parameters, response codes, and other data you need to work with the ACS API.
You must also create an authentication token in Splunk Cloud Platform for use with ACS endpoint requests. For details on how to set up the ACS API, see Set up the ACS API.
Export an app using the ACS API
To export an app using the ACS API, send an HTTP GET request to the apps/victoria/export/download/{app_id}
endpoint, specifying the app_id in the request URL.
You can also optionally specify default
, local
, users
, or confs_only
as query parameters in the request URL, to limit data export to the specified directories or configuration files only. These parameters have the following default values:
Parameter | Default value |
---|---|
default | true |
local | true |
users | true |
confs_only | false |
For example:
curl -X GET 'https://admin.splunk.com/sh-i-xxx.test-export/adminconfig/v2/apps/victoria/export/download/app_test?local=true&default=false&users=true' \ --header 'Authorization: Bearer eyJraWQiOiJz...' --output app_test.tar.gz
By default ACS targets the primary search head or search head cluster of your deployment. To export an app from additional standalone search heads or search head clusters, you must target the specific search head or search head cluster in the request URL. See Target a specific search head for ACS operations.
The request outputs the exported app data as a tar file in the format <app_id>.tgz. For example:
app_test.tgz
If you receive a tar: Error opening archive
message when uncompressing the tar file, run the cat
command against the file to see the error explanation. For example:
% tar -zxvf test.tar.gz tar: Error opening archive: Unrecognized archive format
% cat test.tar.gz {"code":"400-bad-request","message":"stack must have search head. Please refer https://docs.splunk.com/Documentation/SplunkCloud/latest/Config/ACSerrormessages for general troubleshooting tips."}
For endpoint details, see app/victoria/export/download/{app_id} in the ACS endpoint reference.
Configure outbound ports for Splunk Cloud Platform | Manage app permissions in Splunk Cloud Platform |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408
Feedback submitted, thanks!