icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.

Accept License Agreements

Thank You

Downloading Upgrade Readiness App
SHA256 checksum (upgrade-readiness-app_301.tgz) ffb28cdbbf407f215b4833fd97e9742511f857cbeb184cf95e6a4c144e8857dc SHA256 checksum (upgrade-readiness-app_200.tgz) 6081a5523fd15b0b9790d14d9e89c4d99e2f94b3912e43c2f139c18cec9e1754 SHA256 checksum (upgrade-readiness-app_100.tgz) 8db0920dfc3ee80967f3e00b68b7b1b6cfa8e77572f1f898e4d331007b69167c
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

splunk

Upgrade Readiness App

Splunk Cloud
Splunk Built
Overview
Details
The Upgrade Readiness App is an extension of the Splunk Python Upgrade Readiness App 2.0.0 and 1.0.0. In addition to scanning your deployment for features and code that might not work with Python 3, it now also scans for jQuery vulnerabilities.

Use the Upgrade Readiness App to prepare your deployment for upgrade to Python 3 and jQuery 3.5. This app can scan Splunk apps installed on Splunk Enterprise version 7.3 and higher and Splunk Cloud Platform 8.2.2107 and higher.

The app's scan results describe the remediation actions you must take to ensure that your public and private apps work as expected after you are upgraded to a new version of Python on the Splunk platform, as well as actions you must take to remove dependency on vulnerable versions of jQuery. For example, scan results show if any apps and customizations rely on Python 2. This is important as support for Python 2 is being phased out of Splunk software.

On Splunk Cloud Platform, the Upgrade Readiness App provides these additional features:
- Scan search heads and indexers and view a combined report from both types of instances.
- Request an upgrade of the default Python version from Python 2 to Python 3.

The Upgrade Readiness App is a tool that assists you with your transition from Python 2 to Python 3, and to jQuery 3.5. Even if your deployment passes all checks, you must still independently test your private and customized apps and add-ons for incompatibilities.

The Upgrade Readiness App comes with Splunk Enterprise 8.3 and higher, as well as Splunk Cloud Platform version 8.2.2109 and higher. You do not need to install the app on these versions of Splunk Enterprise or Splunk Cloud Platform.

What the scan checks for

The Upgrade Readiness App checks for:
- Python 3 incompatible code in custom Mako templates.
- Python scripts that might fail in Python 3.
- Lower versions of jQuery prior to jQuery 3.5.
- Templates and dashboards with versions lower than 1.1.
- References to JavaScript files that Splunk software does not support.
In clustered environments, the app performs these checks on search heads and indexers and provides a merged report with remediation steps.

Which apps does the scan include

This app scans all apps and add-ons in the $SPLUNK_HOME/etc/apps and $SPLUNK_HOME/etc/slave-apps directories, with some exceptions. The app scans private apps that you have created for your own organization, as well as public apps installed from Splunkbase, including third-party apps and Splunk supported apps.

Python version switch on Splunk Cloud Platform

On the Splunk Cloud Platform version of the app, the Python Version tab is enabled by default for the sc_admin role. This lets Splunk Cloud Platform admins see the current default Python version of the cluster and, if the default version is Python 2, request an upgrade to Python 3. All upgrade requests made by the user are listed on the page.
When you request an upgrade from Python 2 to Python 3, the application sends a request to Splunk Support to upgrade the default version of Python across the entire cluster

Install the Upgrade Readiness App

Install the Upgrade Readiness App on all instances of your Splunk platform deployment that run apps or on a single test Splunk platform instance with all your apps installed on it.
The Upgrade Readiness app is installed by default on Splunk Enterprise version 8.2 and higher. If you are on a Splunk Enterprise version prior to 8.2 but after 7.3, you can download the Python Upgrade Readiness App from Splunkbase and install it on your deployment.
The Upgrade Readiness app is installed by default on Splunk Cloud Platform version 8.2.2107 and higher. You do not need to install or update the app on Splunk Cloud Platform.

Requirements

  • Splunk Enterprise version 7.3, 8.0, 8.1, or 8.2, or Splunk Cloud Platform version 8.2.2107 or higher.
  • Installed apps or add-ons.
  • KV store must be enabled.
  • A role must hold the admin_all_objects capability to install the app on Splunk Enterprise. The admin role holds this capability by default.
  • Consider increasing the splunkd session timeout value, depending on the number of custom apps in the environment.

Install the app on a search head cluster

To install the app on a search head cluster, use the deployer. For detailed instructions, see Use the deployer to distribute apps and configuration updates in the Distributed Search manual.

Performance considerations

The Upgrade Readiness App generates a final report that includes all apps after a few cycles of scanning.
On Splunk Enterprise, since the app scanning process runs asynchronously, there is no visible impact on the performance of standalone instances.
On Splunk Cloud Platform, apps that exist only on the remote location do not immediately appear in scan results. All data from all apps on the remote instance will be available in the final merged report after a few scans.
Note that the user session timeout limit is 60 minutes by default. To ensure the user session does not timeout during the app scan, increase the session timeout limit before scanning large numbers of apps, as mentioned in the requirements section.

Manage permissions for the Upgrade Readiness App

After you install the Upgrade Readiness App, you must grant permissions to any roles other than admin that you want to allow to run scans.
Prerequisite
To edit app permissions in Splunk Enterprise, your role must hold the admin_all_objects capability. The admin role holds this capability by default. To edit app permissions in Splunk Cloud Platform, you must have the sc_admin role.
To grant permission to roles to run scans:
1. In Splunk Web, click the Apps gear icon.
2. In the row for the Splunk Python Upgrade Readiness App, click Permissions.
3. Under App permissions, select the check box under Write for all roles that you want to grant permission to run scans.
4. Click Save.

Scan a Splunk platform instance with the Splunk Upgrade Readiness App

Prerequisites
To run scans, a role must hold the admin_all_objects capability. See Manage permissions for the Upgrade Readiness App. Also ensure that the KV store is enabled.
Make sure to take performance factors into consideration. See Install the Upgrade Readiness App.

The Upgrade Readiness App no longer supports manual scans.

To scan your Splunk platform instance:
1. The Upgrade Readiness App automatically scans all apps daily by default. The Python scan runs at 1 AM, and the jQuery scan runs at 4 PM. Scan results appear automatically after the scan completes.
2. Review the scan results for each app in the Python and jQuery tabs.
3. (Optional) Click Export Results to export your scan results. You can choose to export in JSON format.
4. (Optional) Click Email Result to email your scan results. Make sure to configure email settings.
5. Dismiss any failed files in your private applications if you want to mark it as an exception.
You can also run scans using the REST API. For more information, see the REST API reference for the Upgrade Readiness App.

Some Splunk apps are too large to scan. If you cannot scan a Splunk app, refer to the app's documentation for updates.

Schedule a scan

The Upgrade Readiness App scans all apps daily by default. The Python scan runs at 1 AM, and the jQuery scan runs at 4 PM. You can modify the app scan schedule, as follows:
1. In Splunk Web, launch the Upgrade Readiness App.
2. Select either the Python or jQuery tab to modify that scheduled scan.
3. Click Manage Scan Schedule.
4. Select Scan my apps on a custom schedule, then specify the scan interval.
5. Click Save.

The scan schedule applies to both local search heads and remote indexers.

Disable the scan

You can disable the scan at any time, as follows:
1. Click Manage Scan Schedule.
2. Select Turn Scan Off.
3. Click Save.
Your request is saved to the KV store, but the schedule change can take up to 2 hours to be reflected on the indexing tier.

After you disable the scan, you must explicitly enable it to rerun the scan at the defined interval. Changing the schedule in the Manage Scan Schedule dialog does not reenable the scan. Any modification to the scan schedule will be reflected on indexers (remote instances) and search heads (local instances) after 2 hours.

Disable app list updates

The Upgrade Readiness App pulls Splunkbase apps and metadata daily 7 minutes past every 8th hour. You can disable automatic app list updates, as follows:
1. Click Settings > Data inputs > Scripts.
2. Find the pura_get_all_apps.py script in python_upgrade_readiness_app.
3. Click Disable.

Disabling app list updates applies to standalone instances and not to Splunk Cloud Platform.

Act on Python scan results with the Upgrade Readiness App

After you scan your Splunk platform instance with the Upgrade Readiness app, you can review and act on the results to prepare your deployment for Python 3.

Public Apps

Review and act on the scan results for all of your public apps. Public apps are apps that are available on Splunkbase.
The Upgrade Readiness App scan results of public apps include Splunk-supported apps and third-party apps supported by partners and developers. App owners are responsible for updating their apps and releasing new versions that meet the upgrade readiness requirements of the Splunk Enterprise Python 3 release.
If you've extended an app or customized anything locally, review the results for any custom file paths that you've added to that app and take action on those to prepare for the upgrade. Otherwise, you can wait for the app owner to make updates.
For third-party apps, you can contact the developer directly using their contact details on Splunkbase to learn more about their upgrade plans. If the developer does not plan to update the app, you can make the updates yourself using the guidance in the private scan checks.
If you have a version of a public app that is not compatible with Splunk Enterprise 8.0 and higher and Python 3, but a compatible version is available, then the scan results will direct you to download that version from Splunkbase to pass the check.
The Public App status will fail and display a warning icon for any public app that does not have a version available in the splunkbase.csv list. This list is shipped with the app and updated at 7 minutes past every 8th hour in a sync to Splunkbase. In the event that a connection to Splunkbase fails, the most recent or the shipped .csv will be used in respective order as a failsafe.

Private apps

Review and act on the scan results for all of your private apps. Private apps are apps that are private to your organization and not available on Splunkbase.
Resolve blocking issues in your private apps and your customized Splunkbase apps, if any, as these will block successful upgrade to the Splunk Enterprise Python 3 release. Check all other file paths flagged by the app and determine what actions you must take to make them upgrade ready.
If one or more checks in an app is marked "SKIPPED", this means that the Upgrade Readiness App wasn't able to complete the check due to the way the app is packaged. You can repackage the app using the Splunk Packaging Toolkit and run the scan again, or check for the upgrade compatibility issues manually. For more information, see Overview of the Splunk Packaging Toolkit on the Splunk developer portal.
Apps that are compatible with Splunk Enterprise 8.0 and higher, and Python 3, are marked as "PASSED", and you might not need to take any further action. It is still recommended to test the app thoroughly.

Update Mako templates

In the Splunk Enterprise Python 3 release, some app server components of Splunk Web will use the Python 3.7 interpreter. Update all Mako templates to be Python 3 compatible so they will work on Splunk Web in the new release. If you want the app to continue to work on previous Splunk platform releases, make the syntax dual compatible with Python 2 and 3. If your organization requires you to remove Python 2 syntax completely by a certain date, you can rewrite the Mako templates to use dual-compatible syntax as an intermediate step during your upgrade process, then rewrite them to use Python 3 syntax at a later time.

Update all other Python files

The Splunk Enterprise Python 3 release will initially include interpreters for both Python 2 and 3. In that release, for all Python code not dependent on Splunk Web or the app server, Splunk platform administrators can choose to use either interpreter by default and on a script-by-script basis. In a later release, Splunk plans to remove the Python 2 interpreter.
As a best practice, update Python files in your apps to be compatible with both Python 2 and 3 so that they are backwards compatible with previous releases, compatible with either Python interpreter in the Splunk Enterprise Python 3 release, and compatible with future releases when the Splunk platform removes the Python 2 interpreter. If your organization requires you to remove Python 2 syntax completely by a certain schedule, rewrite them using Python 3 syntax.
To make Python scripts dual compatible, use a Python 2/3 compatibility utility such as six, provided by the Python Software Foundation. For more about the six library, see https://pypi.org/project/six/.
If the Upgrade Readiness App identifies one or more Python scripts that are used in scripted alerts, convert those scripted alerts to custom alert actions. Scripted alerts are deprecated and might not work in future releases of the Splunk platform.

Act on jQuery scan results with the Upgrade Readiness App

After you scan your Splunk platform instance with the Upgrade Readiness app, you can review and act on the results to remove dependencies on lower versions of jQuery from your deployment.

Public Apps

Review and act on the scan results for all your public apps. Public apps are apps that are available on Splunkbase.
The Upgrade Readiness App scan results include Splunk-supported apps and third-party apps supported by partners and developers. App owners are responsible for updating their apps and releasing new versions after removing jQuery vulnerabilities.
If you've extended an app or customized anything locally, review the results for any custom file paths that you've added to that app and take action on those to prepare for the upgrade. Otherwise, you can wait for the app owner to make updates.
For third-party apps, you can contact the developer directly using their contact details on Splunkbase to learn more about their upgrade plans. If the developer does not plan to update the app, you can make the updates yourself using the guidance in the private scan checks.
If you have a version of a public app that is failing, but a compatible version is available on Splunkbase, then the scan results will direct you to download that version from Splunkbase to pass the check.
The Public App status will fail and display a warning icon for any public app that does not have a version available in the splunkbase.csv list. This list is shipped with the app and updated at 7 minutes past every 8th hour in a sync to SplunkbaseIn the event that a connection to Splunkbase fails, the most recent or the shipped .csv will be used in respective order as a failsafe.

Private Apps

Review and act on the scan results for all your private apps. Private apps are apps that are private to your organization and not available on Splunkbase.
Resolve blocking issues in your private apps and your customized Splunkbase apps, if any. Check all other file paths flagged by the app and determine what actions to take to make them upgrade ready.
You can repackage the app using the Splunk Packaging Toolkit and run the scan again, or check for the upgrade compatibility issues manually. See Overview of the Splunk Packaging Toolkit on the Splunk developer portal for more information.
If one or more checks in an app is marked "SKIPPED", this means that the Upgrade Readiness App wasn't able to complete the check due to the way the app is packaged. You can repackage the app using the Splunk Packaging Toolkit and run the scan again, or check for the upgrade compatibility issues manually. For more information, see Overview of the Splunk Packaging Toolkit on the Splunk developer portal.
Apps that have no jQuery vulnerabilities are marked as "PASSED", and you might not need to take any further action. It is still recommended to test the app thoroughly.

Public and Private apps

Review and act on the scan results with methods that apply to both public and private apps.

Dismiss file paths

The Upgrade Readiness App lets you dismiss individual file paths from the scan results. Dismiss file paths after you verify that they have no jQuery vulnerabilities to narrow down the list to files that still require attention.
When you dismiss a file path, you'll be able to see such file in a separate table and they won't be accounted as a failure in subsequent scans.

Dismiss apps

The Upgrade Readiness App lets you dismiss both public and private apps from the scan results. Dismiss apps after you verify that they have no jQuery vulnerabilities to narrow down the list to apps that still require attention.
When you dismiss an app, that app will be marked as an Exception and it won't be accounted as a failure in the subsequent scans. You'll still be able to execute scans on that app and view results.

Reinstating dismissed file

Take one of the following actions if you accidentally dismiss an app or file path and want to reinstate it in future scans:
- Delete the Upgrade Readiness App from your Splunk platform instance and then reinstall it.
- Run the following command in the Search & Reporting app to recover all the file paths you have ever dismissed:
| outputlookup jra_remote_dismiss_file
- Run the following command in the Search & Reporting app to recover all the apps you have ever dismissed:
| outputlookup jra_remote_dismiss_app

Disable email notification

The Upgrade Readiness App sends an email notification to the admin or sc_admin users, which summarizes the count of failed apps during the latest scan. The notification is sent at 6 AM every Monday based on the Splunk system time zone. You can disable email notification, as follows:
1. In Splunk Web, click Settings > Data inputs > Script.
2. Search for the pura_send_email.py script in python_upgrade_readiness_app and click Disable.

Release notes for the Splunk Python Upgrade Readiness App

The Python Upgrade Readiness App version 3.0.1 was releasedin Q3 of 2021. This version is compatible with Splunk Enterprise versions 7.3, 8.0, 8.1 and 8.2 and higher, and Splunk Cloud Platform 8.2.2107 and higher.

Known issues and troubleshooting

  1. Upon upgrading this application from version 2.0.0 to 3.0.0 you may face an error. In this case wait for 4 to 5 minutes after which the report will be automatically loaded and if the report is not yet generated then you will see an appropriate message.
  2. For fetching the Splunkbase metadata frequently user can modify the interval in script://$SPLUNK_HOME/etc/slave-apps/python_upgrade_readiness_app/bin/pura_get_all_apps.py stanza the input.conf. For help on setting the interval in cron format refer to this link https://crontab.guru/ After updating the interval the user needs to restart the Splunk.
  3. For converting a public app to private app please follow below mentioned steps
    a. Add the public app(folder) name into the lookup file, location $SPLUNK_HOME/etc/apps/python_upgrade_readiness_app/lookups/pura_mark_public_as_private.csv
    b. Then fire this query in the search-head - | stats count | eval app_folder_name = "<name of application folder>" | table app_folder_name | outputlookup append=true pura_mark_public_as_private

Change the frequency of Splunkbase metadata

To fetch the Splunkbase metadata more frequently, modify the interval setting in the following scripted input stanza in inputs.conf:
script://$SPLUNK_HOME/etc/slave-apps/python_upgrade_readiness_app/bin/pura_get_all_apps.py
After updating the interval, you must restart Splunk.
For more information on scripted inputs, see inputs.conf
For help setting the interval in cron format, see https://crontab.guru

Convert a public app to a private app

You can convert a public app to a private app for scanning purposes, as follows:
1. Add the public app (folder) to the lookup file at the following location: $SPLUNK_HOME/etc/apps/python_upgrade_readiness_app/lookups/pura_mark_public_as_private.csv
2. Run the following search:
| stats count | eval app_folder_name = "<name of application folder>" | table app_folder_name | outputlookup append=true pura_mark_public_as_private

Release Notes

Version 3.0.1
Sept. 22, 2021
Version 2.0.0
Sept. 7, 2021
Version 1.0.0
April 9, 2021
73,756
Installs
4,916
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.