faststeak · January 4, 2018 17:31
diff --git a/gistfile1.txt b/gistfile1.txt
 | rest /services/apps/local
 | search disabled=0 NOT (label="Apps Browser" OR label="splunk_httpinput" OR label="learned" OR label="framework" OR label="introspection_generator_addon" OR label="_cluster" OR label="Instrumentation" OR label="Search & Reporting" OR label="Home" OR label="Log Event Alert Action" OR label="Splunk Archiver App" OR label="Webhook Alert Action" OR label="Monitoring Console")
 | stats max(version) as version values(*) as * by label
 | fields label version description title details managed_by_deployment_client visible
 | eval managed_by_deployment_client=case((managed_by_deployment_client==1),"Yes",(managed_by_deployment_client==0),"No")
 | eval visible=case((visible==1),"Yes",(visible==0),"No")
 | rename label as App version as Version title as Folder details as "Splunkbase URL" managed_by_deployment_client as "Managed by Deployment Server" visible as Visible
	\| rest /services/apps/local
	\| search disabled=0 NOT (label="Apps Browser" OR label="splunk_httpinput" OR label="learned" OR label="framework" OR label="introspection_generator_addon" OR label="_cluster" OR label="Instrumentation" OR label="Search & Reporting" OR label="Home" OR label="Log Event Alert Action" OR label="Splunk Archiver App" OR label="Webhook Alert Action" OR label="Monitoring Console")
	\| stats max(version) as version values() as by label
	\| fields label version description title details managed_by_deployment_client visible
	\| eval managed_by_deployment_client=case((managed_by_deployment_client==1),"Yes",(managed_by_deployment_client==0),"No")
	\| eval visible=case((visible==1),"Yes",(visible==0),"No")
	\| rename label as App version as Version title as Folder details as "Splunkbase URL" managed_by_deployment_client as "Managed by Deployment Server" visible as Visible