Splunk Search

Has anyone created a scheduled search that notifies you if an app/add-on installed on search peers has an updated version on Splunkbase?

banderson7
Communicator

Running a distributed environment, and certain servers of mine have internet access, but my deployment server and search heads do not. Therefore, it's kind of difficult to know when an app has been updated. Has anyone created a search that runs periodically that will say if an app that's installed somewhere on the search peers has an updated version on Splunkbase? I've had a hard time finding any results for something like this.

Any help would be appreciated. Thanks.

[edit]
I found the Website Input app that allows splunk to crawl a web page, and am trying to get that to work, but I'm stuck on the css selector section. For example, the SA-ldapsearch app is on version 2.1.2, but the html surrounding that section is:

<div id="app-content" class="page-content">
    <div class="container">
        <div class="row-fluid">
            <div class="span8">
                <div class="well well-white noshadow special-tabs">

                    <ul class="nav nav-tabs flat-nav-tabs">
                        <li class="active"><a href="#app-details"
                                              data-toggle="tab"
                                              data-hash="#/overview"><h4><i class="icon-list"></i>Overview</h4></a></li>
                        <li><a href="#app-resources"
                               data-toggle="tab"
                               data-hash="#/documentation"><h4><i class="icon-file-alt"></i>Documentation</h4></a></li>
                    </ul>

                    <div class="tab-content">
                        <div id="app-details" class="tab-pane active">
                            <div>
                                <h5></h5>
                                <p>This app (also known as SA-ldapsearch) provides support functions to the Windows Infrastructure (http://apps.splunk.com/app/1680/), Active Directory and Exchange (http://apps.splunk.com/app/1660/) apps that enable you to extract information from an Active Directory database. For instance, you can search Active Directory for records, presenting the records as events, or augment existing events with information from Active Directory based on information within the events.</p>
                            </div>




                                <div id="releases" class="not-directory">
                                    <div u-divider class="bottom-20"></div>
                                    <div class="row-fluid">
                                        <select u-btn="white" class="pull-right bottom-20">


                                                    <option value="2.1.2"

                                                                selected
                                                            >Version: 2.1.2</option>

when in fact I just want to know when the version changes.

1 Solution

martin_mueller
SplunkTrust
SplunkTrust

On any given Splunk, you could run this search:

| rest splunk_server=local /services/apps/local | search update.version=* | table title version update.version

If that Splunk has internet access, it'll have the update.* fields filled with the latest version if there is an update available for any app installed on that system. The splunk_server filter should be usable for querying search peers as well. Using that scheduled daily or weekly, you could alert yourself of any update.

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust

On any given Splunk, you could run this search:

| rest splunk_server=local /services/apps/local | search update.version=* | table title version update.version

If that Splunk has internet access, it'll have the update.* fields filled with the latest version if there is an update available for any app installed on that system. The splunk_server filter should be usable for querying search peers as well. Using that scheduled daily or weekly, you could alert yourself of any update.

banderson7
Communicator

That's the ticket, thank you!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...