Monitoring Splunk

How do I find if an app (maybe a different version) with the same name has been installed in Splunk Ent / ES? Please

SamHTexas
Builder

I am getting multiple of the same errors + same saved searches that are skipped. So I cannot find exactly how many times an app may have been installed without using the "upgrade" option. Please advise. Thank you very much in advance.

0 Karma

Stefanie
Builder

I'm assuming you've checked the $SPLUNK_HOME/etc/apps folder for the name of the app.

You could try looking in $SPLUNK_HOME/etc/master-apps, $SPLUNK_HOME/etc/slave-apps, and $SPLUNK_HOME/etc/deployment-apps?

If you run your Splunk servers on Linux, I would also suggest using a command like 'find /opt/splunk -name "app name"'

SamHTexas
Builder

Thank you very much for your answer. Can I do this via Monitoring Console or GUI as well?

0 Karma

joshualemoine
Path Finder

You should be able to use the "Manage Apps" area of the SH Console. What OS are you running on?

0 Karma

SamHTexas
Builder

Red Hat Linux. But I use my Win 10 to remote in.

0 Karma

joshualemoine
Path Finder

Well, if you have a single search head, or a cluster with a search deployer, I think Stefanie's answer above is spot on, if you know the name of the app.

If you don't know the name of the app and are just trying to find if there are duplicates of anything installed in the apps directory, you could use a Linux command like 'fdupes', which you'd probably have to install b/c I doubt it's on the gold image for most organizations. Something much simpler would be something like 'ls -lad $SPLUNK_HOME/etc/apps/ | uniq -d' which I think would only print duplicated directories (in this case apps).

0 Karma
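
An added example, not part of any reply in this thread: a shell script that walks the four directories named above and lists apps whose app.conf declares the same [package] id in more than one folder, which is one way a second copy of an app can show up under a different folder name. It assumes the apps populate the standard app.conf settings [package] id and [launcher] version; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report Splunk apps whose app.conf
# declares the same [package] id in more than one directory.

# Print "<id><TAB><version><TAB><app dir>" for one app directory.
# local/app.conf is read after default/app.conf, so its values win.
# Assumption: an app without a [package] id is identified by its folder name.
app_identity() {
    app_dir=$1
    set -- /dev/null            # keeps awk off stdin when no app.conf exists
    for layer in default local; do
        f="$app_dir/$layer/app.conf"
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    awk -v dir="$app_dir" -v fallback="$(basename "$app_dir")" '
        /^[ \t]*#/  { next }                      # skip comment lines
        /^[ \t]*\[/ { stanza = $0; gsub(/^[ \t]*\[|\].*$/, "", stanza); next }
        {
            pos = index($0, "="); if (!pos) next
            key = substr($0, 1, pos - 1); val = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (stanza == "package"  && key == "id")      id  = val
            if (stanza == "launcher" && key == "version") ver = val
        }
        END { printf "%s\t%s\t%s\n", (id != "" ? id : fallback),
                     (ver != "" ? ver : "unknown"), dir }
    ' "$@"
}

# List every app directory under the locations named in the thread whose id
# occurs more than once; output is sorted so copies of one app sit together.
find_duplicate_apps() {
    splunk_home=$1
    for base in apps master-apps slave-apps deployment-apps; do
        for d in "$splunk_home/etc/$base"/*/; do
            if [ -d "$d" ]; then app_identity "${d%/}"; fi
        done
    done | awk -F '\t' '
        { count[$1]++; rows[$1] = rows[$1] $0 "\n" }
        END { for (id in count) if (count[id] > 1) printf "%s", rows[id] }
    ' | sort
}

# Runs only when SPLUNK_HOME is set, e.g. SPLUNK_HOME=/opt/splunk sh script.sh
if [ -n "${SPLUNK_HOME:-}" ]; then find_duplicate_apps "$SPLUNK_HOME"; fi
```

Each output line is id, version and path separated by tabs. The same id appearing in both apps and deployment-apps can be legitimate on a deployment server, so read the paths before removing anything.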