Hello,
I need some help. One of our clients wants to see when the patch version of Splunk is updated. Is this possible ?
hi @ivan_yanev ,Check migration logs in _internal index.
index="_internal" source="*migration.log*" earliest=1 | table _time, host, PLATFORM, PRODUCT, VERSION, BUILD
If this reply helps you, an upvote/like would be appreciated.
View solution in original post
@manjunathmeti thank you for your quick reply.
Probably this is correct but the internal index does not keep data older than 30 days so I cannot validate it.
I guess we'll find out if this work on next update.
UPDATE : I have decided to test it. I've updated the Splunk version of my virtual machine and it worked.
