Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- How do I find if an app (May be different version)...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I find if an app (May be different version) with same name have been installed in Splunk Ent / ES? Please
I am getting multiple of the same errors + same saved searches that are skipped. So I can not find exactly how many time an App may have been installed without using the "upgrade" option. Please advise. Thank u very much in advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Im assuming you've checked the $SPLUNK_HOME/etc/apps folder for the name of the app.
You could try looking in $SPLUNK_HOME/etc/master-apps, $SPLUNK_HOME/etc/slave-apps, and $SPLUNK_HOME/etc/deployment-apps?
If you run your Splunk servers on linux, i would also suggest using a command like "find /opt/splunk -name "app name" "
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank u very much for your answer. Can I do this via Monitoring console or GUI as well?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should be able to use the "Manage Apps" area of the SH Console. What OS are your running on?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, if you have a single search head, or a cluster with a search deployer, I think Stefanie's answer above is spot on, if you know the name of the app.
If you don't know the name of the app and are just trying to find if there are duplicate's of anything installed in the apps directory, you could use a Linux command like 'fdupes', which you'd probably have to install b/c I doubt it's on the gold image for most organizations. Something much simpler would be something like 'ls -lad $SPLUNK_HOME/etc/apps/ | uniq -d' which I think would only print duplicated directories (in this case apps.)
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Observability Simplified: Combining User Experience, Application Performance & ...
Event Series May & June: From Network Visibility to Service Intelligence
Global Splunk User Group Events: May + June 2026
