Getting Data In

Splunk REST API: How to get deployment app version, author and description?

joshuapetitt
Path Finder

I am trying to make some reports for apps and deployment apps.

I was able to use:

| rest /services/apps/local

to get the label, version, author and description of local apps.

How do I do I get this same information for the deployment-apps?

I've tried

| rest /services/deployment/server/applications

but it does not show the label, version, author or description?

Tags (2)
0 Karma

MuS
Legend

Hi joshuapetitt,

I don't think you will get this kind of information using this REST endpoint, because if you check the actual deployment-app using REST (let's say you have a deployment-app called myInputs)

| REST splunk_server=local /services/deployment/server/applications/myInputs/

you will get the author to be system, which is correct because the author here is related to the deployment bundle and not the app.

Another reason why I think you will not get this information using this REST endpoint, is that Splunk is not actually reading any of the app configs/files and therefore does not know anything about the app.

Most likely not the answer you wanted, but I think this is not feasible - sorry.

Hope this makes sense ...

cheers, MuS

joshuapetitt
Path Finder

Thank you for your reply. I also looked at a specific application using a similar request as your example and saw the same thing. What I really need is to see the label, version, author and description from the app.conf file in each deployment app. Is there another way to do what I am needing?

0 Karma

MuS
Legend

I don't think so, because as I wrote; Splunk is not reading any of the files in $SPLUNK_HOME/etc/deployment-apps/ directory and therefore does not not know the content. It just bundles each app, like a zip, and ships it to any configured UF ...

cheers, MuS

0 Karma

joshuapetitt
Path Finder

@MuS, do you know if I can ask the UFs about the apps they have? Is this info in any of the _internal indexes or anything like that? I know about the /services/deployment/server/clients endpoint, but this doesn't seem to have the info either.

0 Karma

MuS
Legend

This is the app you are looking for https://splunkbase.splunk.com/app/2775/ 😉

cheers, MuS

MuS
Legend

Nope, this information is not in _internal. There is an app available (cannot recall the name) that allows you to run remote REST calls to universal forwarders .....

cheers, MuS

0 Karma

joshuapetitt
Path Finder

Note, I'm not necessarily interested in what clients they are deployed to. I just need to get the label, version, author and description of the applications that can be deployed.

0 Karma

damiensurat
Contributor

Hi, I know that author is in the rest API call.. however, It seems that you may be looking for the information from the app.conf files of the applications themselves? eg: %splunkhome%\etc\apps[appname][default or
local folder]\app.conf

stanza:
[launcher]
version =
author =
description =

Which raises the question, are you looking for information for applications deployed to say a search head and already installed?

0 Karma

joshuapetitt
Path Finder

@damiensurat, I am looking for the information about the deployment-apps on a deployment server.

Basically, I need to report the app information about the apps that can be deployed (not that necessarily are deployed, or where they are deployed)

0 Karma

MuS
Legend

Reading this comment; why not simply setup a monitor in inputs.conf that indexes the deployment apps directory? This way you get what you want 😉

cheers, MuS

joshuapetitt
Path Finder

Thanks, at the end of the day this may be the easiest thing to do. I'd like to pull the data from each app.conf (so I can see the version and author information). But a custom forwarder to do this might be the easiest for me to accomplish.

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...