https://community.splunk.com/t5/Getting-Data-In/RHL-version-on-all-the-UF/m-p/466367#M87772 <P>HI All , </P> <P>Could you please help me in getting the query to get red hat linux version on the all UF , i have checked many splunk answers the query uses metrics logs and i got only the version of the splunk and os as Linux , but not the actual linux version on the host . </P> Thu, 13 Feb 2020 10:50:46 GMT deepakgaonkar 2020-02-13T10:50:46Z https://community.splunk.com/t5/Getting-Data-In/RHL-version-on-all-the-UF/m-p/466367#M87772 <P>HI All , </P> <P>Could you please help me in getting the query to get red hat linux version on the all UF , i have checked many splunk answers the query uses metrics logs and i got only the version of the splunk and os as Linux , but not the actual linux version on the host . </P> Thu, 13 Feb 2020 10:50:46 GMT https://community.splunk.com/t5/Getting-Data-In/RHL-version-on-all-the-UF/m-p/466367#M87772 deepakgaonkar 2020-02-13T10:50:46Z https://community.splunk.com/t5/Getting-Data-In/RHL-version-on-all-the-UF/m-p/466368#M87773 <P>Hi <a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/187635">@deepakgaonkar</a>,<BR /> if you need only operative system of each target server, you can use a search like this on Deployment Server:</P> <PRE><CODE>| rest splunk_server=local /services/deployment/server/clients | table instanceName ip utsname </CODE></PRE> <P>If instead you want more infos about your servers, as the operative system version, you have to use a Technology Add-On (TA) to extract this info from the target.<BR /> I'm speaking of TA_Windows (for Windows Servers) and TA_nix (for Linux servers).<BR /> You have to take these TAs, enable the stanza to check the operative system version and deploy them to all the targets.</P> <P>Then you can run a search like this:<BR /> for <STRONG>Windows servers</STRONG>:</P> <PRE><CODE>index=windows sourcetype=WinHostMon Type=OperatingSystem | eval host=upper(host) | dedup host | sort host | table OS Version ServicePack BuildNumber SerialNumber InstallDate LastBootUpTime | eval InstallDate=strftime(strptime(InstallDate,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S"), LastBootUpTime=strftime(strptime(LastBootUpTime,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S") </CODE></PRE> <P>For <STRONG>Linux servers</STRONG>:</P> <PRE><CODE>index=os sourcetype=Unix:Version | table os_name os_release os_version machine_architecture_name | rename os_name AS "Operative System" os_release AS Release os_version AS Version machine_architecture_name AS Architecture </CODE></PRE> <P>Ciao.<BR /> Giuseppe</P> Wed, 30 Sep 2020 04:11:34 GMT https://community.splunk.com/t5/Getting-Data-In/RHL-version-on-all-the-UF/m-p/466368#M87773 gcusello 2020-09-30T04:11:34Z https://community.splunk.com/t5/Getting-Data-In/RHL-version-on-all-the-UF/m-p/466369#M87774 <P>Install the Splunk Addon for Unix to your forwarders, and configure version.sh<BR /> <A href="https://splunkbase.splunk.com/app/833/">https://splunkbase.splunk.com/app/833/</A></P> <P>This input collects detailed version information from your host (amongst many other useful things if you wish), and as a bonus will add it to the Inventory Data model.</P> Thu, 13 Feb 2020 11:36:46 GMT https://community.splunk.com/t5/Getting-Data-In/RHL-version-on-all-the-UF/m-p/466369#M87774 nickhills 2020-02-13T11:36:46Z