Deployment Architecture

How to determine which apps were downloaded and by what clients from the Deployment Server?


If I look at the Forwarder Management console of the Deployment Server, I'll find a summary of App Downloads in the last hour.

Is there any way to identify exactly which apps were downloaded, and by what clients?

0 Karma


Ah, this information is in the _internal index. The exact search will vary based on your version of Splunk, so you may have to play around with this a bit:

index=_internal component=DeployedApplication OR component= PackageDownloadRestHandler  sourcetype=splunkd 
| table _time log_level host app message