Solved: Search Head audit of all listed Apps \ TA's \ SA's...

Anthony_Faul · ‎09-27-2021

i all

I'm tasked with performing an audit of our Splunk (Cloud) Search Heads (2) as many Apps \ Add-Ons have been sporadically installed onto them over the years and problems are occurring.

The aim is to export the search to .CSV to compare, detect gaps, mismatches etc., identify candidates for upgrade or removal etc.

Any offers to help greatly appreciated.

PickleRick · ‎09-27-2021

You have a REST endpoint to manage apps.

https://docs.splunk.com/Documentation/Splunk/8.2.2/RESTREF/RESTapps

For example - to check for upgradeable apps you can do something like:

| rest /services/apps/local 
| where version!='update.version'
| table label version update.version

View solution in original post

PickleRick · ‎09-27-2021

You have a REST endpoint to manage apps.

https://docs.splunk.com/Documentation/Splunk/8.2.2/RESTREF/RESTapps

For example - to check for upgradeable apps you can do something like:

| rest /services/apps/local 
| where version!='update.version'
| table label version update.version

Anthony_Faul · ‎09-28-2021

Tnx @PickleRick

That's sufficient to provide me the details.

Search Head audit of all listed Apps \ TA's \ SA's via search command

chart

count

eval

field extraction

fields

lookup

metadata

regex

rex

stats

subsearch

table

timechart

tstats

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability