Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Can you help me build a search query for check...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all,
I know that Splunk regularly checks for Splunk Enterprise and app updates. There is the "New (maintenance) version available. Check here for details" message as well as app update information under "Manage Apps".
Now I want to build a dashboard that shows any available updates for Splunk Enterprise + Splunk apps.
For Splunk apps, it is possible to run a search which shows available updates for apps and add-ons using the REST API. This works perfectly.
Now my question is: How can I run a search to display the latest version of Splunk Enterprise?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @whrg
I did some quick investigations into this, and it would appear that the Splunk server itself doesn't actually talk to Splunk servers to find out if a new version is available. You can see this mentioned on this page: https://docs.splunk.com/Documentation/Splunk/7.2.4/Admin/Aboutupdatecheckerdata
Now I did what it suggested and checked my own network traffic when I logged in, and I can see hitting this URL will tell me the latest Splunk version: https://quickdraw.splunk.com/js/pro/7.2.0/login/prod/basic?
I expect there is a unique URL for every version that has ever been deployed, but this URL should still work for a long time and tell you what the latest version of Splunk is. Just get the REST moluar input or some other app to query this URL periodically.
All the best,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @whrg
I did some quick investigations into this, and it would appear that the Splunk server itself doesn't actually talk to Splunk servers to find out if a new version is available. You can see this mentioned on this page: https://docs.splunk.com/Documentation/Splunk/7.2.4/Admin/Aboutupdatecheckerdata
Now I did what it suggested and checked my own network traffic when I logged in, and I can see hitting this URL will tell me the latest Splunk version: https://quickdraw.splunk.com/js/pro/7.2.0/login/prod/basic?
I expect there is a unique URL for every version that has ever been deployed, but this URL should still work for a long time and tell you what the latest version of Splunk is. Just get the REST moluar input or some other app to query this URL periodically.
All the best,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Chris,
Thank you for your answer!
Interesting. I will see if I can find any documentation on this quickdraw.splunk.com URL.
A REST modular input sounds like a good idea. Or perhaps a custom search command.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
v|rest /services/apps/local
|fields author configured disbled eai:aci.owner eai:acl.sharing label title visible check_for_updates update.version version
|dedup title
|table title label author eai:aci.owner eai:acl.sharing configured disabled visible check_for_updates update.version version
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain
Splunk Lantern’s Guide to The Most Popular .conf25 Sessions
