Export apps in Splunk Cloud Platform

The Admin Config Service (ACS) API lets you export data from individual apps installed on your Splunk Cloud Platform deployment on a self-service basis.

ACS supports app export on Splunk Cloud Platform deployments on Victoria Experience only.

You can use ACS app export to retain a snapshot of your current app configuration and associated app data, which can be helpful for troubleshooting, configuration management, and app development purposes.

ACS supports export of app configurations, knowledge objects, and metadata from app/default, app/local, and users/app directories. For information on the Splunk app directory structure, see Anatomy of a Splunk app on the Splunk Developer Portal.

Requirements

To enable use of the ACS app export API, the sc_admin (cloud admin) can directly assign the export_apps role to any user without assistance from Splunk support.

To export apps using the ACS API:

• You must have Splunk Cloud Platform version 9.2.2403.
• Your Splunk Cloud Platform deployment must be on Victoria Experience.
• You must hold the export_apps role or a role that contains the export_apps capability. The sc_admin role can assign the export_apps role to any user. The sc_admin role does not contain the export_apps capability by default, but sc_admin can directly assign itself the export_apps role or the export_apps capability.

ACS supports app export for most private apps and Splunkbase apps, with the exception of restricted Splunkbase apps. For more information on restricted apps, see Install restricted splunkbase apps in the Splunk Cloud Platform Admin Manual.

ACS does not support app export for premium apps, such as Splunk Enterprise Security or ITSI. ACS does not support app export for default apps, with the exception of the search app, for which ACS supports export of local and user configuration data only.

Set up the ACS API

Before using the ACS API, you must download the ACS OpenAPI 3.0 specification, which includes the parameters, response codes, and other data you need to work with the ACS API.

You must also create an authentication token in Splunk Cloud Platform for use with ACS endpoint requests. For details on how to set up the ACS API, see Set up the ACS API.

Export an app using the ACS API

To export an app using the ACS API, send an HTTP GET request to the apps/victoria/export/download/{app_id} endpoint, specifying the app_id in the request URL.

You can also optionally specify default, local, users, or confs_only as query parameters in the request URL, to limit data export to the specified directories or configuration files only.

For example:

curl -X GET 'https://admin.splunk.com/sh-i-xxx.test-export/adminconfig/v2/apps/victoria/export/download/app_test?local=true&default=false&users=true' \
--header 'Authorization: Bearer eyJraWQiOiJz...' 

By default ACS targets the primary search head or search head cluster of your deployment. To export an app from additional standalone search heads or search head clusters, you must target the specific search head or search head cluster in the request URL. See Target a specific search head for ACS operations.

The request returns the exported app data as a tar file in the format <app_id>.tgz. For example:

app_test.tgz

For endpoint details, see app/victoria/export/download/{app_id} in the ACS endpoint reference.