Splunk Search

How can I write a search query to retrieve release/installed date for all app on Splunk?


I try to search with comand 

| rest /services/app/local 

but the value of the "updated" field is "1970-01-01T07:00:00+07:00" for all app

Labels (1)
Tags (1)
0 Karma


That is a known problem, although I'm not sure it's published.  Go to https://ideas.splunk.com to ask Splunk to rectify it.

If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...