Splunk REST API: How to get deployment app version...

joshuapetitt · ‎03-13-2018

I am trying to make some reports for apps and deployment apps.

I was able to use:

| rest /services/apps/local

to get the label, version, author and description of local apps.

How do I do I get this same information for the deployment-apps?

I've tried

| rest /services/deployment/server/applications

but it does not show the label, version, author or description?

MuS · ‎03-13-2018

Hi joshuapetitt,

I don't think you will get this kind of information using this REST endpoint, because if you check the actual deployment-app using REST (let's say you have a deployment-app called myInputs)

| REST splunk_server=local /services/deployment/server/applications/myInputs/

you will get the author to be system, which is correct because the author here is related to the deployment bundle and not the app.

Another reason why I think you will not get this information using this REST endpoint, is that Splunk is not actually reading any of the app configs/files and therefore does not know anything about the app.

Most likely not the answer you wanted, but I think this is not feasible - sorry.

Hope this makes sense ...

cheers, MuS

joshuapetitt · ‎03-13-2018

Thank you for your reply. I also looked at a specific application using a similar request as your example and saw the same thing. What I really need is to see the label, version, author and description from the app.conf file in each deployment app. Is there another way to do what I am needing?

MuS · ‎03-13-2018

I don't think so, because as I wrote; Splunk is not reading any of the files in $SPLUNK_HOME/etc/deployment-apps/ directory and therefore does not not know the content. It just bundles each app, like a zip, and ships it to any configured UF ...

cheers, MuS

joshuapetitt · ‎03-13-2018

@MuS, do you know if I can ask the UFs about the apps they have? Is this info in any of the _internal indexes or anything like that? I know about the /services/deployment/server/clients endpoint, but this doesn't seem to have the info either.

MuS · ‎03-13-2018

This is the app you are looking for https://splunkbase.splunk.com/app/2775/ 😉

cheers, MuS

MuS · ‎03-13-2018

Nope, this information is not in _internal. There is an app available (cannot recall the name) that allows you to run remote REST calls to universal forwarders .....

cheers, MuS

joshuapetitt · ‎03-13-2018

Note, I'm not necessarily interested in what clients they are deployed to. I just need to get the label, version, author and description of the applications that can be deployed.

damiensurat · ‎03-13-2018

Hi, I know that author is in the rest API call.. however, It seems that you may be looking for the information from the app.conf files of the applications themselves? eg: %splunkhome%\etc\apps[appname][default or
local folder]\app.conf

stanza:
[launcher]
version =
author =
description =

Which raises the question, are you looking for information for applications deployed to say a search head and already installed?

joshuapetitt · ‎03-13-2018

@damiensurat, I am looking for the information about the deployment-apps on a deployment server.

Basically, I need to report the app information about the apps that can be deployed (not that necessarily are deployed, or where they are deployed)

MuS · ‎03-15-2018

Reading this comment; why not simply setup a monitor in inputs.conf that indexes the deployment apps directory? This way you get what you want 😉

cheers, MuS

joshuapetitt · ‎03-15-2018

Thanks, at the end of the day this may be the easiest thing to do. I'd like to pull the data from each app.conf (so I can see the version and author information). But a custom forwarder to do this might be the easiest for me to accomplish.

Splunk REST API: How to get deployment app version, author and description?

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024