Solved: Search Head audit of all listed Apps \ TA's \ SA's...

Anthony_Faul · ‎09-27-2021

i all

I'm tasked with performing an audit of our Splunk (Cloud) Search Heads (2) as many Apps \ Add-Ons have been sporadically installed onto them over the years and problems are occurring.

The aim is to export the search to .CSV to compare, detect gaps, mismatches etc., identify candidates for upgrade or removal etc.

Any offers to help greatly appreciated.

PickleRick · ‎09-27-2021

You have a REST endpoint to manage apps.

https://docs.splunk.com/Documentation/Splunk/8.2.2/RESTREF/RESTapps

For example - to check for upgradeable apps you can do something like:

| rest /services/apps/local 
| where version!='update.version'
| table label version update.version

View solution in original post

PickleRick · ‎09-27-2021

You have a REST endpoint to manage apps.

https://docs.splunk.com/Documentation/Splunk/8.2.2/RESTREF/RESTapps

For example - to check for upgradeable apps you can do something like:

| rest /services/apps/local 
| where version!='update.version'
| table label version update.version

Anthony_Faul · ‎09-28-2021

Tnx @PickleRick

That's sufficient to provide me the details.

Search Head audit of all listed Apps \ TA's \ SA's via search command

chart

count

eval

field extraction

fields

lookup

metadata

regex

rex

stats

subsearch

table

timechart

tstats

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

Search Head audit of all listed Apps \ TA's \ SA's via search command