This is a similar report (although missing the status of apps deployed) taken from another post which can be found here: http://answers.splunk.com/answers/206895/how-to-provide-a-status-of-a-forwarder-to-a-custom.html
index=_internal source=*metrics.log group=tcpin_connections | eval sourceHost=if(isnull(hostname), sourceHost,hostname) | rename connectionType as connectType | eval connectType=case(fwdType=="uf","univ fwder", fwdType=="lwf", "lightwt fwder",fwdType=="full", "heavy fwder", connectType=="cooked" or connectType=="cookedSSL","Splunk fwder", connectType=="raw" or connectType=="rawSSL","legacy fwder") | eval version=if(isnull(version),"pre 4.2",version) | rename version as Ver arch as MachType | fields connectType sourceIp sourceHost destPort kb tcp_eps tcp_Kprocessed tcp_KBps splunk_server Ver MachType os | eval Indexer= splunk_server | eval Hour=relative_time(_time,"@h") | stats sum(kb) as total_KB by Hour connectType Ver sourceIp sourceHost MachType os Indexer destPort | fieldformat Hour=strftime(Hour,"%x %X") | fieldformat total_KB=tostring(total_KB,"commas") | rename os as OS
I'm guessing these are rest API calls but I'll let you know if I track them down. Hidden searches/rest commands are always an annoyance to me. IMHO, Splunk should make all reports exportable and able to to open in a search window. The forwarder management report built into Splunk is a perfect example of this.
This seems related, however, I haven't been able to determine the search/call that is assembled behind the scenes.