Hi everyone,
I am using Splunk Enterprise 7.0.8.5 + the ./bin/package.sh script provided with the Splunk Add-on for Unix and Linux (v5.2.3 according to ./etc/apps/Splunk_TA_nix/README) to retrieve information about installed packages on multiple hosts running Ubuntu 14.04 LTS or 16.04 LTS. The section of the inputs.conf looks like this:
# Run package management tool collect installed packages
[script://./bin/package.sh]
sourcetype = package
source = package
interval = 3600
index = os
Looking at ./bin/package.sh I can see that for Debian distributions it uses some variant of:
dpkg-query -W -f='${Package} ${Version} ${Architecture} ${Homepage}\n'
to list packages, but I don't see an option to include the ${Status} attribute which would give me the package status (http://man7.org/linux/man-pages/man1/dpkg-query.1.html):
Package status:
n = Not-installed
c = Config-files
H = Half-installed
U = Unpacked
F = Half-configured
W = Triggers-awaiting
t = Triggers-pending
i = Installed
Because of this, all packages are listed, including packages that have been previously uninstalled (but may still have leftover files), and I am missing the information to find which ones are currently installed.
Did I miss something? Is there another way to retrieve the missing information with this add-on? If this is a feature of interest to other users, is there a place to file a ticket?
Thanks.
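Added example, not part of the original post and not code from the Splunk add-on: one way to recover the missing information is to add ${Status} to the dpkg-query format and keep only records whose state is "installed". The tab-separated layout, the function names and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; not code from Splunk_TA_nix. Names and layout are assumptions.

# dpkg-query format with ${Status} added. Tabs separate the fields so that
# the three-word status and an empty ${Homepage} cannot shift columns.
DPKG_FORMAT='${Package}\t${Version}\t${Architecture}\t${Status}\t${Homepage}\n'

# Read tab-separated records on stdin and print only packages whose state
# (third word of ${Status}: want, flag, state) is "installed", using the
# "Package Version Architecture Homepage" layout quoted in the post.
filter_installed() {
    awk -F '\t' '
        NF >= 4 {
            n = split($4, st, " ")
            if (n == 3 && st[3] == "installed")
                print $1, $2, $3, $5
        }'
}

# Count records per state, to see how many leftover entries
# (config-files, half-configured, ...) an unfiltered listing contains.
state_summary() {
    awk -F '\t' '
        NF >= 4 { n = split($4, st, " "); count[st[n]]++ }
        END     { for (s in count) print s, count[s] }' | sort
}

# Constructed sample records in DPKG_FORMAT layout (not real host data).
sample_records() {
    printf 'openssl\t1.0.2g-1ubuntu4.15\tamd64\tinstall ok installed\thttps://www.openssl.org\n'
    printf 'apache2\t2.4.18-2ubuntu3.10\tamd64\tdeinstall ok config-files\thttp://httpd.apache.org\n'
    printf 'libfoo1\t0.9-1\tamd64\tinstall ok half-configured\t\n'
    printf 'tzdata\t2019c-0ubuntu0.16.04\tall\tinstall ok installed\t\n'
}

# On a Debian/Ubuntu host: list only the currently installed packages.
list_installed() {
    dpkg-query -W -f="$DPKG_FORMAT" | filter_installed
}
```

Running `sample_records | filter_installed` prints only the openssl and tzdata records; the removed apache2 entry with leftover config files and the half-configured libfoo1 are dropped.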