How to create a report that lists all enabled apps on Splunk Universal Forwarders and their versions?

paoloromagnoli
New Member

I would like to create a report/dashboard that includes among other things the list of Splunk apps installed on universal forwarders and their versions.
I created the report for apps installed on heavy forwarders and other Splunk components using the REST API. Any idea for universal forwarders? Also, on the deployment server I was not able to spot if that info is indexed somewhere.

1 Solution

woodcock
Esteemed Legend

This would make an excellent Modular Input App exercise. Your script will go to $SPLUNK_HOME/etc/apps/ and list out each directory and then go into each application directory and look for an app.conf file, first in local and then in default. Inside of that, find the line that says version=value and grab the value. There might be an app on Splunkbase that already does this.
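
The procedure described in the answer above, sketched as a POSIX shell scripted input for a *nix forwarder (an added example, not code from this thread or from Splunk). The `[launcher]`/`[id]` lookup for `version`, the `[install] state` check, the fallback path `/opt/splunkforwarder` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: inventory the apps under etc/apps as key=value events.
# Assumption: SPLUNK_HOME is exported to the script; the fallback path is a guess.

# conf_value FILE STANZA KEY: print the value of KEY inside [STANZA], if any.
conf_value() {
    [ -f "$1" ] || return 0
    awk -v stanza="[$2]" -v key="$3" '
        /^[ \t]*#/  { next }                      # skip comment lines
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", s)
                      in_s = (s == stanza); next }
        in_s {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# app_setting APPDIR STANZA KEY: look in local/app.conf first, then default/.
app_setting() {
    v=$(conf_value "$1/local/app.conf" "$2" "$3")
    [ -n "$v" ] || v=$(conf_value "$1/default/app.conf" "$2" "$3")
    printf '%s' "$v"
}

# list_apps [APPS_DIR]: one line per app directory with version and state.
list_apps() {
    apps_dir="${1:-${SPLUNK_HOME:-/opt/splunkforwarder}/etc/apps}"
    for d in "$apps_dir"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        version=$(app_setting "$d" launcher version)
        [ -n "$version" ] || version=$(app_setting "$d" id version)
        # Assumption: an app with no [install] state setting is enabled.
        state=$(app_setting "$d" install state)
        printf 'app="%s" version="%s" state="%s"\n' \
            "${d##*/}" "${version:-unknown}" "${state:-enabled}"
    done
}

list_apps "$@"
```

Deployed as a scripted input, each run emits one event line per app, so the forwarder's host field plus `app`, `version` and `state` can feed the report.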


gcusello
SplunkTrust

Hi @paoloromagnoli,

Try this:

| rest splunk_server=local /services/deployment/server/clients
| table hostname ip utsname *.restartSplunkd
| eval temp=hostname."#".ip."#".utsname 
| table temp *.restartSplunkd
| eval application.NoApp.restartSplunkd=0
| untable temp apps count 
| eval Apps=if(like(apps,"app%"),mvindex(split(apps,"."),1),null()) 
| eval ServerClass=if(like(apps,"server%"),mvindex(split(apps,"."),1),null() ) 
| rex field=temp "(?<Host>.*)#(?<Host_IP>.*)#(?<Machine_Type>.*)" 
| table Host Host_IP Machine_Type Apps ServerClass 
| stats Values(*) as * dc(Apps) AS dc_apps by Host Host_IP Machine_Type
| eval Apps=if(dc_apps=1,Apps,mvindex(Apps,1,10))
| nomv Apps
| nomv ServerClass
| fillnull value="NoSC" ServerClass

Ciao.

Giuseppe


Abha111
Loves-to-Learn Lots

Hi Paoloromagnoli,

Could you please share the REST query you used to create a report for apps installed on heavy forwarders and other Splunk components using the REST API?

paoloromagnoli
New Member

That was my first idea... I was only trying to see if that info was already present somewhere in some index.
Thanks,
Paolo
