Solved: SPL to find all UF clients that picked up specific...

dkr3500 · ‎05-25-2021

Hi,

I know there are other ways to get this through the deployment server, but I'm trying to find a SPL to get results of which of my Splunk UF clients currently has a specific deployment app.

I have been able to use this SPL to find all all deployment apps on all my Splunk UF clients:

| rest /services/deployment/server/clients splunk_server=splunkdeploy01* 
| table hostname applications*.stateOnClient 
| untable hostname applications value 
| eval applications=replace(applications,"applications\.(\w+)\.stateOnClient","\1") 
| stats values(applications) as applications by hostname

However, I'm looking for a SPL that searches across all Splunk UF clients for a specific deployment app: "all_splunk_uf"

Thanks!

richgalloway · ‎05-26-2021

| rest /services/deployment/server/clients splunk_server=splunkdeploy01* 
| table hostname applications*.stateOnClient 
| untable hostname applications value 
| eval applications=replace(applications,"applications\.(\w+)\.stateOnClient","\1") 
| search applications="all_splunk_uf"
| stats values(applications) as applications by hostname

Filter on the application name.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎05-26-2021

| rest /services/deployment/server/clients splunk_server=splunkdeploy01* 
| table hostname applications*.stateOnClient 
| untable hostname applications value 
| eval applications=replace(applications,"applications\.(\w+)\.stateOnClient","\1") 
| search applications="all_splunk_uf"
| stats values(applications) as applications by hostname

Filter on the application name.

---
If this reply helps you, Karma would be appreciated.

SPL to find all UF clients that picked up specific deployment app?

subsearch

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!