Splunk App Lifecycle Management – with More Peace, Love and Rock-n-Roll! · 2017-10-08 · 3 As a...

GrigoriMelnikandCeceliaCampbellSplunk

SplunkAppLifecycleManagement–withMorePeace,LoveandRock-n-Roll!

Disclaimer

Duringthecourseofthispresentation,wemaymakeforwardlookingstatementsregardingfutureeventsortheexpectedperformanceofthecompany.Wecautionyouthatsuchstatementsreflectourcurrentexpectationsandestimatesbasedonfactorscurrentlyknowntousandthatactualeventsorresultscoulddiffermaterially.Forimportantfactorsthatmaycauseactualresultstodifferfromthose

containedinourforward-lookingstatements,pleasereviewourfilingswiththeSEC.Theforward-lookingstatementsmadeinthethispresentationarebeingmadeasofthetimeanddateofitslivepresentation.Ifreviewedafteritslivepresentation,thispresentationmaynotcontaincurrentoraccurateinformation.Wedonotassumeanyobligationtoupdateanyforwardlookingstatementswemaymake.Inaddition,anyinformationaboutourroadmapoutlinesourgeneralproductdirectionandissubjecttochangeatanytimewithoutnotice.Itisforinformationalpurposesonlyandshallnot,beincorporatedintoanycontractorothercommitment.Splunkundertakesnoobligationeithertodevelopthefeaturesor

functionalitydescribedortoincludeanysuchfeatureorfunctionalityinafuturerelease.

Asadeveloper,IwanttolowermycostofSplunkappdevelopment– letmefocusonbuildingappswithoutconcerningmyselfaboutthedeploymenttopologiesandthenitty-grittyofthedeploymentprocess.

Asanadmin,Iwanttoeasily&reliablyinstallandmanageanykindofcontent(apps,addons,modules,contentpacks)acrossmyentireSplunkdeployment.

AppManageability

Develope

TargetedUserFlowSplunk

Develop

Defineappmanifest

Packageappsource

testpackageUpgrade

PUBLISHCERTIFY

DISCOVERACQUIRE

DeployApp/Systemconfiguration

APP APP

re-configure

ThepoetryofappmanageabilityNewapppackaging &deployment

tools andguidancefordevelopers andadmins that

simplifyappdeployment and troubleshooting to

distributed environments,whilepreservingappbackward compatibility

withexistingtools&practices.

Themechanicsofappmanageability

• Focusondisambiguating config andpartitioning(packaging)relevantpiecesofconfig+code intodeploymentpackages– alongphysical workloadsandlogical groupsofforwarders

Thesystemknows

All-in-onetoolforbothdevelopersandadmins

1. Devsuseittodefine andpackage anapp2. Adminsuseittopartition andprepare fordeployment3. Splunkplatform(future)mechanismwilldeploy thepartitionedapp

ThePackagingToolkit

PackagingwithanAppManifest

JSONAPP

dependencies

inputGroups

platformRequirements

incompatibleApps

optional

auto-generated

PartitioningaPackagedApp

APPPackaging

Toolkit

generate-manifest – generateamanifestforanappbasedonitsconfpackage – createasourcepackagewithmanifestpartition – partitionanappintoasetoftargeteddeploymentpackagesdescribe – describeanappconfiguration&dependenciesvalidate – validateanappcontent(incl.appmanifest,packageddependencies,well-formedness)

PackagingToolkitCommandsCheatSheet

DevFlowExample

SampleApp– SplunkAppFor*Nix

TA implieddependencies

task-basedscriptedinputs

possibleplatform-specific

inputsscript://ftr_lookups.py

inputs.confinput://lastlog.shinput://passwd.shinput://version.sh

inputs.conf

GenerateaManifest$ slim generate-manifest SA_nix –o SA_nix/app.manifestslim generate-manifest: Parsing app configuration at "SA_nix"...slim generate-manifest: Generating app manifest to "SA_nix/app.manifest"...slim generate-manifest: [NOTE] App manifest saved to "SA_nix/app.manifest"

$ slim generate-manifest TA_nix –o TA_nix/app.manifest...

$ slim generate-manifest splunk_app_for_nix –o splunk_app_for_nix/app.manifest...

"info": {

"title": "...",

"id": { ... },

"author": { ... },

"releaseDate": "...",

"description": "...",

"license": { ... },

"releaseNotes": { ... }

AppManifest- info

# Define dependencies and versions to enforce

# "dependencies": {

# "<app-id>": {

# "version": "*",

# "package": "<source-package-location>"

# Define inputs that are management tasks

# "tasks": []

AppManifest- examples# Define custom and dependency input groups

# "inputGroups": {

# "<group-name>": {

# "requires": {

# "<app-id>": ["<input-group-name>"]

# "inputs": ["<defined-inputs>"]

"tasks": [

"script://./bin/scripted_inputs/ftr_lookups.py",

AppManifest– SA_nix

"inputGroups": {

"User Monitoring": {

"description": "Monitor current user sessions and login history",

"inputs": ["script://./bin/who.sh", "script://./bin/lastlog.sh”]

”OSX Inputs": {

"description": "ES scripted inputs supported on only OSX platforms",

"inputs": ["script://./bin/sshdChecker.sh"]

"Linux Inputs": {

"description": "ES scripted inputs supported on Linux platforms",

"inputs": ["script://./bin/selinuxChecker.sh"]

AppManifest– TA_nix

"dependencies": {

"SA_nix": {

"version": "~5.2.0",

"package": "SA_nix-5.2.0.tar.gz"

"TA_nix": {

"version": "^5.2.0",

"package": "TA_nix-5.2.3.tar.gz"

AppManifest– splunk_app_for_nix

CreateaSourcePackage$ slim package SA_nixslim package: Packaging app at "SA_nix”...slim package: [NOTE] Source package exported to “SA_nix-5.2.0.tar.gz”

$ slim package TA_nixslim package: Packaging app at "TA_nix”...slim package: [NOTE] Source package exported to “TA_nix-5.2.3.tar.gz”

$ slim package splunk_app_for_nixslim package: Packaging app at "splunk_app_for_nix”...slim package: [NOTE] Source package exported to “splunk_app_for_nix-5.2.0.tar.gz"

$ slim describe splunk_app_for_nix-5.2.0.tar.gzslim describe: Describing "splunk_app_for_nix-5.2.0.tar.gz"...[info]|-- The Splunk App for Unix offers new ways to alert, report, and investigate data.| |-- by Splunk, Inc.| |-- defined as splunk_app_for_nix version 5.2.0[input-groups]|-- User Monitoring defines no inputs and requires [TA_nix]|-- Linux Group defines no inputs and requires [TA_nix]|-- SunOS Group defines no inputs and requires [TA_nix]|-- OSX Group defines no inputs and requires [TA_nix][dependency-graph]|-- splunk_app_for_nix@5.2.0| |-- SA_nix@5.2.0 (accepting ~5.2.0)| |-- TA_nix@5.2.3 (accepting ^5.2.0)

DescribeanAppPackage

SampleApp– UpdatedAPP

enforceddependencies

manifest manifesttask-basedscriptedinputs

classified

platform-specificinputsgrouped

TA_nix.tgzSA_nix.tgz

input://taskAinput://taskB

tasksinputGroups

dependencies UserMonitoring: input://lastlog.shLinuxInputs: input://sshdChecker.shOSXInputs: input://update.sh

manifest

BenefitsforDevsPrevious Method Packaging Toolkit

AppInfo • Scatteredacrossconf • Centralized location• Automaticallygenerated

DependencyManagement • ReleaseNotesrequired• Guessing version

compatibilities

• DefinedandEnforced• SemVer compatible

InputGroups • Allcontent,everywhere • Logicallygrouped

ManagementTasks • Undefined • Treated differently

StartonboardingyourappswiththePackagingToolkitGenerateamanifestandcustomizeyourrequirements

Giveusfeedback:AppMgmt-feedback@splunk.com

CalltoActionforDevs!

Butwait,inthefuture…

DependenciesareexplicitlydeclaredbytheDevs– Adminscanviewandreconcileappdependenciestoavoidconflicts

automatically

InputsarelogicallygroupedbytheDevs– Adminscantargetspecificlogictotheappropriateworkloads

automatically

Evenwithoutanappmanifest,thePackagingToolkitwillbeabletopartitionbasedonadefaultsetofrules!

BenefitsforAdmins

AdminFlowPREVIEW

Appmanageability(installation/uninstallation/update)– Automaticdependencyresolution(cascading)– Mappingoflogicalinputgroupstoserverclasses– Partitioningintotargeteddeploymentpackages

Chooseyourdeploymentmechanism– Now:Chef/Ansible/Puppet/…playbook/recipe/script– Future:AppManagementUI

KeyTakeaways

DownloadthepublicbetaofthePackagingToolkittoday:http://dev.splunk.com/goto/packaging-toolkitComevisitusattheDev Tools&GuidanceBooth!– LearnMoreandseetheDemos

Giveusfeedback:AppMgmt-feedback@splunk.com

What’sNext?

THANKYOU

Splunk App Lifecycle Management – with More Peace, Love and Rock-n-Roll! · 2017-10-08 · 3 As a...

Documents

Rivium Splunk Windows · o Splunk Enterprise Security * o uberAgent* o Splunk App for Web Analytics Common Splunk Apps & Add-ons 15 SplunkingWIndows o Splunk Add-on for Microsoft

AvePoint - SharePoint App Lifecycle Mgmnt

Splunk® App - dtbc.eu · Seite 3 von 16 1. Kurzbeschreibung Die Splunk® Aurea CRM-App stellt eine deutlich erweiterte Version der Splunk® Aurea CRM Performance-App dar, die Ihnen

Splunk For IT Operational Intelligenceuploads.integrity360.com/1425903243-Splunk-for-IT-Operations.pdf · • Splunk Apps –Splunk App for VMware –Splunk Apps for Citrix & Hyper

Splunk For IT Operational Intelligence · • Splunk Apps –Splunk App for VMware –Splunk Apps for Citrix & Hyper V –Splunk App for Microsoft Exchange –Splunk App for Active

ThreatStream Splunk App - · PDF fileUser Guide. v3.3.9 . ThreatStream Splunk User Guide . Published: 4/27/2016. Anomali, Inc. Twitter: @anomali . ThreatStream® Splunk App

Mobile app development project lifecycle

Splunk Cloud の製品概要 › ... › product-briefs › splunk-cloud.pdfSplunk App で機能を強化 Splunk Cloud は、Splunk Enterprise Security や Splunk IT Service Intelligence

Splunk App: Windows Security Operation Center

ThreatStream Splunk App - Anomali · Download ThreatStream Splunk App from . 2. From the Splunk web interface, navigate to the Apps menu in the upper lefthand, and - select

Webinar The App Lifecycle Platform

Android Lifecycle App Note

NetFlow Analytics for Splunk · NetFlow Analytics for Splunk App User Manual 3 Introduction Overview NetFlow Analytics for Splunk App is designed to deliver next generation, real-time,

ThreatScape® App for Splunk Overview, Installation and ... · PDF fileThreatScape® App for Splunk Overview, Installation and Configuration December 23, 2015 !!

Webinar: Neues zur Splunk App for Enterprise Security

App Lifecycle Engagement

Windows Azure - Automating app lifecycle

APP Lifecycle Tutorial

Advanced android app lifecycle + Patterns

Splunk App for Enterprise Security · Die Splunk App for Enterprise Security unterstützt das Drilldown von grafischen Elementen zu Rohdaten sowie die Erfassung von Übertragungsdaten,