
Building Wazuh app package for Splunk

Manuel J. Bernal edited this page Dec 5, 2018 · 1 revision

Requirements

  • Git
  • Some tool for compressing the Wazuh App into a .tar.gz package

Getting the Wazuh App for Splunk

  1. Clone the wazuh-splunk repository.
$ git clone https://github.com/wazuh/wazuh-splunk.git
  2. Select the branch that you want.
$ cd wazuh-splunk
$ git checkout {$BRANCH}
  3. Compress the SplunkAppForWazuh directory.
$ tar -czf SplunkAppForWazuh.tar.gz SplunkAppForWazuh/
  4. Now that you have a .tar.gz package, install the app by executing the following command:
# {$SPLUNK_PATH}/bin/splunk install app {$APP_PATH}/etc/apps/SplunkAppForWazuh.tar.gz

This step requires admin credentials:

Splunk username: {$YOUR_USER}
Password: {$YOUR_PASSWORD}
App '{$SPLUNK_PATH}/etc/apps/SplunkAppForWazuh.tar.gz' installed
You need to restart the Splunk Server (splunkd) for your changes to take effect.
  5. Finally, restart the Splunk service and the app will be ready:
# {$SPLUNK_PATH}/bin/splunk restart
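The steps above, collected into one script as an added example (not part of the wazuh-splunk project or this wiki). It builds the package, records its SHA-256 at build time, and refuses to install an archive whose hash or top-level layout does not match, so the operator who installs on the Splunk host can tell the tarball was not altered between the build machine and the search head. The function names, the `SPLUNK_PATH` and `BRANCH` defaults, and the `.sha256` side file are assumptions of this example.

```shell
#!/bin/sh
# Added example: build SplunkAppForWazuh.tar.gz from a wazuh-splunk checkout,
# record its SHA-256, and install it only after the hash and archive layout
# check out. Not the project's own tooling; names below are assumptions.
set -eu

: "${SPLUNK_PATH:=/opt/splunk}"   # assumed default Splunk home; override as needed
: "${BRANCH:=master}"             # branch to check out (assumption)

# Clone the repository into $1 and check out $BRANCH (steps 1 and 2 above).
fetch_source() {
    workdir=$1
    git clone https://github.com/wazuh/wazuh-splunk.git "$workdir/wazuh-splunk"
    git -C "$workdir/wazuh-splunk" checkout "$BRANCH"
}

# Package the SplunkAppForWazuh directory found under $1 into the archive $2
# (step 3). Using -C keeps exactly one top-level entry in the tarball.
build_package() {
    srcdir=$1
    out=$2
    [ -d "$srcdir/SplunkAppForWazuh" ] || {
        echo "SplunkAppForWazuh not found in $srcdir" >&2
        return 1
    }
    tar -czf "$out" -C "$srcdir" SplunkAppForWazuh/
}

# Print the SHA-256 of file $1 (sha256sum on Linux, shasum on macOS).
package_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeed only when archive $1 contains a single top-level directory named
# SplunkAppForWazuh, which is what the splunk install command expects.
package_is_sane() {
    tops=$(tar -tzf "$1" | cut -d/ -f1 | sort -u)
    [ "$tops" = "SplunkAppForWazuh" ]
}

# Steps 4 and 5: install archive $1 and restart splunkd, but only when its
# SHA-256 equals the expected value $2 recorded at build time. splunk itself
# prompts for the admin credentials.
install_package() {
    pkg=$1
    expected=$2
    actual=$(package_sha256 "$pkg")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $pkg: expected $expected, got $actual" >&2
        return 1
    fi
    package_is_sane "$pkg" || {
        echo "unexpected archive layout in $pkg" >&2
        return 1
    }
    "$SPLUNK_PATH/bin/splunk" install app "$pkg"
    "$SPLUNK_PATH/bin/splunk" restart
}

# Usage: ./build.sh build   -> SplunkAppForWazuh.tar.gz and .sha256 in $PWD
#        ./build.sh install SplunkAppForWazuh.tar.gz   (on the Splunk host)
case "${1:-}" in
    build)
        work=$(mktemp -d)
        fetch_source "$work"
        build_package "$work/wazuh-splunk" "$PWD/SplunkAppForWazuh.tar.gz"
        package_sha256 "$PWD/SplunkAppForWazuh.tar.gz" > "$PWD/SplunkAppForWazuh.tar.gz.sha256"
        ;;
    install)
        install_package "$2" "$(cat "$2.sha256")"
        ;;
esac
```

Run `build` on the machine that has Git, copy both the tarball and the `.sha256` file to the Splunk host, and run `install` there; a copy that arrived modified, or an archive that was repacked with a different top-level directory, is rejected before any `splunk` command executes.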