Splunk search for Historical Splunk Version Installed

index=_introspection component=Hostwide | bin _time span=1d | stats values(data.splunk_version) by _time, host
This search displays the Splunk version installed on every Splunk instance that sends its internal logs, grouped by day and host. It gives you a historical account of which version was installed on each host during the selected time range. Note that the _introspection index is retained for only 14 days by default, so if you want to keep a longer record than that you'll need to adjust the retention within your environment.
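As an added example (not part of the original post), the same data can be reduced to only the days on which a host's version changed, which is useful for confirming that an upgrade or patch actually landed everywhere. It assumes the same index, component and data.splunk_version field as the search above; the splunk_version and previous_version field names are chosen here for illustration.

```spl
index=_introspection component=Hostwide
| rename data.splunk_version AS splunk_version
| bin _time span=1d
``` one row per host per day, carrying the last version reported that day ```
| stats latest(splunk_version) AS splunk_version BY _time, host
| sort 0 host, _time
``` pull the prior day's version for the same host onto the current row ```
| streamstats current=f window=1 last(splunk_version) AS previous_version BY host
``` keep only the days where the version differs from the previous one seen ```
| where isnotnull(previous_version) AND splunk_version != previous_version
| table _time, host, previous_version, splunk_version
```

Hosts that never changed version in the time range return no rows, so an empty result after a planned upgrade window means the upgrade is not reflected in the introspection data.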

Category:

General Splunk


Tags:

Admin introspection splunk version hostwide
