Re: How do I find if an app (May be different vers...

SamHTexas · ‎07-29-2021

I am getting multiple of the same errors + same saved searches that are skipped. So I can not find exactly how many time an App may have been installed without using the "upgrade" option. Please advise. Thank u very much in advance.

Stefanie · ‎07-29-2021

Im assuming you've checked the $SPLUNK_HOME/etc/apps folder for the name of the app.

You could try looking in $SPLUNK_HOME/etc/master-apps, $SPLUNK_HOME/etc/slave-apps, and $SPLUNK_HOME/etc/deployment-apps?

If you run your Splunk servers on linux, i would also suggest using a command like "find /opt/splunk -name "app name" "

SamHTexas · ‎07-29-2021

Thank u very much for your answer. Can I do this via Monitoring console or GUI as well?

joshualemoine · ‎07-29-2021

You should be able to use the "Manage Apps" area of the SH Console. What OS are your running on?

SamHTexas · ‎07-29-2021

Red Hat Linux. But I use my Win 10 to remote in.

joshualemoine · ‎07-29-2021

Well, if you have a single search head, or a cluster with a search deployer, I think Stefanie's answer above is spot on, if you know the name of the app.

If you don't know the name of the app and are just trying to find if there are duplicate's of anything installed in the apps directory, you could use a Linux command like 'fdupes', which you'd probably have to install b/c I doubt it's on the gold image for most organizations. Something much simpler would be something like 'ls -lad $SPLUNK_HOME/etc/apps/ | uniq -d' which I think would only print duplicated directories (in this case apps.)

How do I find if an app (May be different version) with same name have been installed in Splunk Ent / ES? Please

monitoring console

search performance

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?