Search to show what apps are ready to be updated

| rest splunk_server=local /services/apps/local | search update.version=* | table title version update.version

1	\| rest splunk_server=local /services/apps/local \| search update.version=* \| table title version update.version

If that Splunk has internet access, it’ll have the

<i><span style="font-size: 10.0pt; color: #333333;">update.*</span></i>

1	<i><span style="font-size: 10.0pt; color: #333333;">update.*</span></i>

fields filled with the latest version if there is an update available for any app installed on that system. The

<i><span style="font-size: 10.0pt; color: #333333;">splunk_server</span></i>

1	<i><span style="font-size: 10.0pt; color: #333333;">splunk_server</span></i>

filter should be usable for querying search peers as well. Using that scheduled daily or weekly, you could alert yourself of any update.

Got it here: https://answers.splunk.com/answers/336868/has-anyone-created-a-scheduled-search-that-notifie.html

Splunk Query Repository