Splunk® Enterprise

Monitoring Splunk Enterprise

Splunk Enterprise version 9.0 will no longer be supported as of June 14, 2024. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Use App Assist

App Assist is a helper package for Splunk Assist that displays indicators that relate to the status of apps and add-ons in your Splunk Enterprise deployment. You can use App Assist to confirm that your Splunk Enterprise app installations conform with Splunk best practice.

The App Assist page is similar to other Assist pages. Severity cards appear along the top of the page that let you sort available configuration indicators by severity. The overview pane on the left displays indicators based on the filter that you apply using the severity cards. The detail pane on the right displays information about a single indicator, and its contents change depending on what you click in the overview pane.

Indicators appear by severity: "Warning" or "Conforming". The definitions for indicator severity are the same in the App Assist helper page as they are for the general Assist page. There is no "Critical" indicator for App Assist.

Filter indicators by severity

Complete this procedure to see a filtered list of indicators by severity.

  • On the App Assist page, click an indicator severity card. The overview pane updates to show indicators that match that severity.

For example, if you want to see indicators in a Warning state only, click the Warning indicator severity card. The overview page updates to list only indicators that are currently in a "Warning" status.

Get more information on an indicator

Use this procedure to learn how to get more information about a specific indicator including the steps necessary to get the indicator into a "conforming" state.

  1. (Optional) Click one of the severity cards to filter the overview pane by indicator severity.
  2. Click an indicator in the list. The details pane updates to show information about the indicator, including the following details:
    • A summary of the app, including its name, its creator name, and a description of the app as it appears on Splunkbase.
    • Platform: The Splunk platform types for which the app is available.
    • Support: The level of support that ether Splunk or the app publisher provides. A value of "Splunk Supported" means that Splunk directly publishes and supports the app or add-on. The "Developer supported" value means that the app creator provides support of the app or add-on. "Not supported" means that the app creator does not provide support for the app or add-on. Splunk only supports apps and add-ons that it creates and publishes, and never supports third-party apps directly.
    • More info: A link to the app or add-on page on Splunkbase.
  3. (Optional) Select the Nodes tab to see a list of Splunk platform instances to which this indicator applies.

Act to remedy an out-of-compliance indicator

To ensure that the nodes have the latest version of an app or add-on installed, you must install the latest version of that app or add-on onto the Splunk node that appears as out-of-compliance in App Assist.

  1. Follow the procedure to get more information about an indicator, as described earlier in this topic.
  2. Select the Nodes tab to see a list of Splunk platform instances to which the indicator applies.
  3. (Optional) Enter text in the Filter nodes text box to show a list of Splunk platform instances whose names match the text you entered.
  4. Review the list of nodes. The Installed Version column in the list shows the version of the app that is installed on that node. The Latest Version column shows the latest available version on Splunkbase. The Last checked column shows when App Assist last checked the node for installation information.
  5. Later, for each node in the list where the "Installed Version" does not match the "Latest version" for an app or add-on, perform an installation or update of the app or add-on on that node.

Depending on the needs and protocol of your organization, you might need to schedule a downtime period to perform the installation. You might also need to check for version compatibility between multiple apps and add-ons prior to performing installations and upgrades.

Last modified on 01 August, 2024
Use Splunk Assist   Use Certificate Assist

This documentation applies to the following versions of Splunk® Enterprise: 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters