Is there a splunk search that I can use to find the latest timestamp when an app was installed? Is there an internal index that contains this information?
Assuming the logs contain something like "installed",
index=blah sourcetype=blah app_name "installed" | stats latest(_time) as Time
I think my question wasn't clear enough. Which index and sourcetype are you referring to here ? My logs doesn't contain this info. Are there any logs internal to splunk that keeps track of this information ? I'm trying to find the last time an app was installed (or a newer version of the app is installed).