A Claude Skill for fetching the latest download URLs from Splunkbase applications. This skill is particularly useful when creating Docker Compose configurations for Splunk deployments.
This skill enables Claude to:
- Fetch the latest release download URL for any Splunkbase app by ID
- Generate comma-separated URLs for multiple apps
- Create properly formatted
SPLUNK_APPS_URLenvironment variables - Integrate seamlessly with Docker Compose configurations
- Download the
splunkbase-skill.zipfile from the latest GitHub release - Follow the instructions: Using Skills in Claude
- Extract and import the skill in your Claude workspace
pip install requestsfrom splunkbase_urls import get_splunkbase_app_url, get_multiple_splunkbase_urls
# Single app
url = get_splunkbase_app_url("4353")
print(url)
# Output: https://splunkbase.splunk.com/app/4353/release/1.8.20/download/
# Multiple apps
urls = get_multiple_splunkbase_urls(["4353", "7931"])
print(urls)
# Output: https://splunkbase.splunk.com/app/4353/release/1.8.20/download/,https://splunkbase.splunk.com/app/7931/release/0.2.6/download/curljq(install withbrew install jqon macOS orapt-get install jqon Linux)
Make the script executable:
chmod +x get_splunkbase_urls.sh# Single app
./get_splunkbase_urls.sh 4353
# Multiple apps
./get_splunkbase_urls.sh 4353 7931 1876 833
# Verbose output with app details
./get_splunkbase_urls.sh -v 4353 7931
# Use in Docker Compose generation
SPLUNK_APPS_URL=$(./get_splunkbase_urls.sh 4353 7931)
echo "SPLUNK_APPS_URL: $SPLUNK_APPS_URL"
# Use in environment file (.env)
echo "SPLUNK_APPS_URL=$(./get_splunkbase_urls.sh 4353 7931)" >> .env- Multiple app support: Fetch URLs for one or more apps at once
- Verbose mode: Display app names, versions, and URLs with
-vflag - Error handling: Graceful error handling with meaningful error messages
- Dependency check: Validates
curlandjqare installed - Input validation: Ensures app IDs are numeric
- Docker Compose ready: Output format compatible with SPLUNK_APPS_URL environment variable
Request to Claude:
Get me the latest download URL for Splunkbase app 4353
Claude Response:
App: Config Explorer
Version: 1.8.21
Download URL: https://splunkbase.splunk.com/app/4353/release/1.8.21/download/
This is the current latest release. If you need this for a Docker Compose SPLUNK_APPS_URL environment variable, you can use the URL directly.
Request to Claude:
Create a Docker Compose service for Splunk with apps 4353 and 7931.
Claude Response:
services:
splunk:
hostname: splunk
container_name: splunk
image: splunk/splunk:latest
platform: linux/amd64
environment:
SPLUNK_GENERAL_TERMS: --accept-sgt-current-at-splunk-com
SPLUNK_START_ARGS: --accept-license
SPLUNK_PASSWORD: ${SPLUNK_PASSWORD}
SPLUNKBASE_USERNAME: ${SPLUNKBASE_USER}@splunk.com
SPLUNKBASE_PASSWORD: ${SPLUNKBASE_PASS}
SPLUNK_APPS_URL: https://splunkbase.splunk.com/app/4353/release/1.8.20/download/,https://splunkbase.splunk.com/app/7931/release/0.2.6/download/
TZ: ${TZ:-Europe/Brussels}
volumes:
- ./default.yml:/tmp/defaults/default.yml
- splunk-var:/opt/splunk/var
- splunk-etc:/opt/splunk/etc
ports:
- "8000:8000"
- "8089:8089"
networks:
- splunk
restart: always
volumes:
splunk-var:
splunk-etc:
networks:
splunk:Request to Claude:
Update my SPLUNK_APPS_URL with the latest versions of apps 4353 and 7931.
Claude Response:
SPLUNK_APPS_URL: https://splunkbase.splunk.com/app/4353/release/1.8.20/download/,https://splunkbase.splunk.com/app/7931/release/0.2.6/download/https://splunkbase.splunk.com/api/v1/app/{app_id}/release
[
{
"name": "1.8.20",
"title": "Version 1.8.20",
"created_time": "2024-01-15T10:30:00Z",
"published": true
}
]The first element contains the latest release information.
| App ID | Name | Description |
|---|---|---|
| 4353 | Splunk Add-on for Cisco ISE | Cisco Identity Services Engine integration |
| 1809 | Splunk Add-on for Windows | Windows event log collection |
| 742 | Splunk Add-on for Unix and Linux | Unix/Linux system monitoring |
| 3212 | Splunk Add-on for AWS | Amazon Web Services integration |
| 1621 | Splunk Add-on for Microsoft Cloud Services | Microsoft 365 and Azure integration |
Cause: Invalid app ID or network connectivity issue
Solution:
- Verify the app ID by visiting
https://splunkbase.splunk.com/app/{app_id}/ - Check your internet connection
- Ensure the Splunkbase API is accessible
Cause: The app may not have any releases or the API response changed
Solution:
- Check if the app exists on Splunkbase
- Verify the app has published releases
- Update the script to handle the new API format
Cause: jq is not installed
Solution:
# macOS
brew install jq
# Ubuntu/Debian
sudo apt-get install jq
# CentOS/RHEL
sudo yum install jq-
Never hardcode credentials in Docker Compose files
-
Use environment variables for sensitive data:
# .env file SPLUNK_PASSWORD=your_password SPLUNKBASE_USER=your_username SPLUNKBASE_PASS=your_splunkbase_password -
Add
.envto.gitignore -
Use secrets management for production deployments
To improve this skill:
- Test with various Splunkbase apps
- Add error handling for edge cases
- Extend with caching for frequently accessed apps
- Add support for specific version fetching (not just latest)
This skill is provided as-is for use with Claude and Splunk deployments.
- v1.1.0 - Enhanced features and improvements (2025-11-27)
- v1.0.0 - Initial release (2025-11-27)