We are thrilled to announce an exciting new feature for Splunk Cloud Platform that has been highly anticipated by our community: the ability for cloud admins to export apps! This feature has been a top-ten most requested Splunk idea, which is no small feat given the 7,000+ ideas submitted by our vibrant user community. With the ability to export apps you can now more easily reuse application components, troubleshoot configuration issues, and better understand and support existinfg applications in your Splunk Cloud Platform.
With the new app export functionality, cloud admins can now export app files and associated user changes made in the cloud — files from app/default, app/local, and user/app/local files. This capability is available in Splunk Cloud Platform deployments on Victoria Experience version 9.2.2403 and higher. To get access to export cloud apps, cloud admins simply call Admin Config Service (ACS) through the ACS CLI or direct API calls.
Cloud admins face several challenges when managing their apps. Exporting app data used to require dedicated support ticket(s) that could take up to days to get information back. This made the process cumbersome and time-consuming, often requiring additional intervention that could delay cloud admins even more.
The new app export feature addresses these pain points by giving cloud admins and app developers direct access to their app data, making it easier to manage, troubleshoot, and further develop their apps all with Splunk Cloud Platform. This self-service tool is designed to support Victoria cloud admins in their day-to-day operations, providing them with greater control and visibility over their apps.
To access this feature, any cloud admin in a stack can use Admin Config Service (ACS) to export a single app through the ACS API or CLI. Additionally, cloud admins can also batch export apps soon using the ACS CLI.
Cloud admins can use ACS to target which search head group to export app data from. They can specify which directories to export app data from: app/default, app/local, or user/<<app>>/local. The API will return the app in a .tar file format.
It's important to note that some Splunk default apps, such as Search and Premium Apps, will not export app/default data. However, nearly any change users make in the UI in these apps will continue to be exportable in app/local and user/<<app>>/local files. This provides cloud admins with the flexibility they need to manage their environments more effectively.
Understanding App Data: Admins can now keep local copies and exported snapshots of their apps and associated app data. This capability is helpful for maintaining a comprehensive understanding of app and user configurations that are maintained within the cloud.
Troubleshooting Made Easier: With clearer visibility into app and user configurations, cloud admins can troubleshoot issues and conf interactions more effectively. App export provides valuable insights into what changes have been made and helps cloud admins identify and revert changes in the UI.
Streamlined Change Management: Cloud admins and developers can capture changes made in the UI and manually merge them into default configurations. This allows for smoother app development and deployment processes and makes it easier to incorporate user-created customizations into other apps’ default files.
Assigning Export Capability: Once a cloud admin has requested and received the app export capability, they can assign the capability to other roles within their organization. Only one authorized cloud admin per stack needs to request the app export functionality. Note that the app export capability will be assigned to all sc_admins in the stack.
UI Integration: In future Splunk updates, we will integrate individual app export capabilities on the app manager listing UI page. More immediately, we will include app export into the ACS Helper App.
Support for Local Files: When installing or upgrading an app, default files will continue to be supported while local files will remain unsupported. An app exported with local configurations will not immediately be uploadable to Splunk Cloud Platform if it contains any local files.
Some Redacted Information: The app export functionality will natively redact some information in apps such as content in passwords.conf.
Search Head Targeting: Search head targeting is natively supported through ACS. ACS targets a specific search head group to export those specific local files. If the same app is on multiple search head groups, then two calls to ACS will be required to export all of the local data. Learn more.
Supported Apps: App Export works for Splunkbase and Customer Developed (Private) apps. Some Splunk default apps, like Search, will allow you to export app/local and user/app/local data but will not export that app’s default files. Additionally at this time, exporting data from Premium Apps, like ES or ITSI, is not supported.
App Export is currently available upon request for Victoria stacks only in 9.2.2403. This will further enhance the cloud admin experience, making it even easier to manage and deploy apps.
For more detailed information, customers should refer to the documentation posted here.
We are excited to see how our community will leverage this new capability to streamline their operations and achieve greater success with Splunk Cloud Platform.
Since the publishing of this blog post, we have removed the requirement to contact support to first use app export. Cloud Admins can now directly use ACS without any additional enablement steps, making the process faster and more accessible. This change, updated in September of 2024, is applicable to all app export enable stacks in Victoria environments running version 9.2.2403 and above, ensuring that cloud admins can immediately benefit from this streamlined functionality.
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.