errors
If you have an on-prem monitoring console host, then you'd be able to query the apps on your HF's like you did with the rest command. I'm not aware of a method of doing that on Splunk Cloud since it can't peer to on-prem environments. I'll let others add their input if they know of anything.
Hi
as @m_pham said you can add local MC node to monitoring your OnPrem HF etc. Then just add those HF as indexers there and then it should work.
Even easier way is do that query on HF command line (or GUI) locally. No need to add anything else there. You could also use REST (e.g. via cURL) on cmd line.
More from docs https://docs.splunk.com/Documentation/Splunk/9.1.0/Search/SearchwithSplunkWeb,CLI,orRESTAPI
If you are needing only list of installed apps then you should use
splunk list app|egrep ENABLED
This gives you a list of enabled apps.
r. Ismo
Hai,
Thanks for your response.
can we get those data into splunk search which is splunk cloud i am using for the Apps information in HF"S
You can’t get those automatic to SC. If you really need those tho SC, you need to create own app which collect those on every HF and send them to SC.
What is your issue which you are trying to solve?
i want to collect the data about App installed in all of my HF"S into splunk cloud .
i have a splunk search to get the data but how can i send this OUTPUT to splunk cloud as we have on-prem HF"S
| rest /services/apps/local
| search disabled=0 AND version!=1.0.0 AND check_for_updates = 1 AND update.version!=null
| rename update.version AS New_version
| table label title author version update.name New_version version update.homepage description docs_section_override
You cannot get that information directly from any HFs as you cannot add those as a search peers to SC. So only way is add app to all HFs which collect that information and then send it regularly to SC into some index. Then you could query towards it.
I’m not sure if you could try this with _conftrack (or what was name of this index?) I cannot check it now, but you could try it.
index=_configtracker
can you tell me the configuration for this.
is it by using HEC token
As I said, you need to create a TA which contains e.g. scripted inputs for collecting that information from HF/UF. Then you need add sourcetype and maybe something else what you want to it. Store those on some index on indexers on SC. For that you should add index definition on SC (or add those to your app).
After you have deployed that TA to your HF/UFs, you could query needed information on SC.
for below REST Api SEARCH how can i configure the script in the inputs.conf files
| rest /services/apps/local
| search disabled=0 AND version!=1.0.0 AND check_for_updates = 1 AND update.version!=null
| rename update.version AS New_version
| table label title author version update.name New_version version update.homepage description docs_section_override