Use App Assist
App Assist is a helper package for Splunk Assist that displays indicators that relate to the status of apps and add-ons in your Splunk Enterprise deployment. You can use App Assist to confirm that your Splunk Enterprise app installations conform with Splunk best practice.
The App Assist page is similar to other Assist pages. Severity cards appear along the top of the page that let you sort available configuration indicators by severity. The overview pane on the left displays indicators based on the filter that you apply using the severity cards. The detail pane on the right displays information about a single indicator, and its contents change depending on what you click in the overview pane.
Indicators appear by severity: "Warning" or "Conforming". The definitions for indicator severity are the same in the App Assist helper page as they are for the general Assist page. There is no "Critical" indicator for App Assist.
Filter indicators by severity
Complete this procedure to see a filtered list of indicators by severity.
- On the App Assist page, click an indicator severity card. The overview pane updates to show indicators that match that severity.
For example, if you want to see indicators in a Warning state only, click the Warning indicator severity card. The overview page updates to list only indicators that are currently in a "Warning" status.
Get more information on an indicator
Use this procedure to learn how to get more information about a specific indicator including the steps necessary to get the indicator into a "conforming" state.
- (Optional) Click one of the severity cards to filter the overview pane by indicator severity.
- Click an indicator in the list. The details pane updates to show information about the indicator, including the following details:
- A summary of the app, including its name, its creator name, and a description of the app as it appears on Splunkbase.
- Platform: The Splunk platform types for which the app is available.
- Support: The level of support that ether Splunk or the app publisher provides. A value of "Splunk Supported" means that Splunk directly publishes and supports the app or add-on. The "Developer supported" value means that the app creator provides support of the app or add-on. "Not supported" means that the app creator does not provide support for the app or add-on. Splunk only supports apps and add-ons that it creates and publishes, and never supports third-party apps directly.
- More info: A link to the app or add-on page on Splunkbase.
- (Optional) Select the Nodes tab to see a list of Splunk platform instances to which this indicator applies.
Act to remedy an out-of-compliance indicator
To ensure that the nodes have the latest version of an app or add-on installed, you must install the latest version of that app or add-on onto the Splunk node that appears as out-of-compliance in App Assist.
- Follow the procedure to get more information about an indicator, as described earlier in this topic.
- Select the Nodes tab to see a list of Splunk platform instances to which the indicator applies.
- (Optional) Enter text in the Filter nodes text box to show a list of Splunk platform instances whose names match the text you entered.
- Review the list of nodes. The Installed Version column in the list shows the version of the app that is installed on that node. The Latest Version column shows the latest available version on Splunkbase. The Last checked column shows when App Assist last checked the node for installation information.
- Later, for each node in the list where the "Installed Version" does not match the "Latest version" for an app or add-on, perform an installation or update of the app or add-on on that node.
Depending on the needs and protocol of your organization, you might need to schedule a downtime period to perform the installation. You might also need to check for version compatibility between multiple apps and add-ons prior to performing installations and upgrades.
Use Splunk Assist
Use Certificate Assist
This documentation applies to the following versions of Splunk® Enterprise: 9.0.0, 9.0.1, 9.0.2