https://community.splunk.com/t5/Reporting/Reporting-Windows-Security-Events-4732-for-BUILTIN/m-p/512485#M8315 <P>There is no such mechanism to identify os type with the logs. You may identify os type based on host if your organization is following some kind of naming convention to distinguish servers and endpoints.</P><P>or have csv file which contains hostname and os type of hosts which are sending logs. Then you can lookup os type based on host field.</P> Wed, 05 Aug 2020 03:32:58 GMT thambisetty 2020-08-05T03:32:58Z https://community.splunk.com/t5/Reporting/Reporting-Windows-Security-Events-4732-for-BUILTIN/m-p/512479#M8314 <LI-CODE lang="markup">LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4732 Group: Security ID: BUILTIN\Administrators Group Name: Administrators Group Domain: Builtin</LI-CODE> <P>I am interested in Reporting on the above Event for only Windows Server Systems?&nbsp; Searching for the EventCode returns results for all Windows 10 systems as well. Can someone give me an example of how to cross reference those results with OS Type?&nbsp;</P> <P>Thank you!</P> Wed, 05 Aug 2020 04:43:01 GMT https://community.splunk.com/t5/Reporting/Reporting-Windows-Security-Events-4732-for-BUILTIN/m-p/512479#M8314 MarkSplunker02 2020-08-05T04:43:01Z https://community.splunk.com/t5/Reporting/Reporting-Windows-Security-Events-4732-for-BUILTIN/m-p/512485#M8315 <P>There is no such mechanism to identify os type with the logs. You may identify os type based on host if your organization is following some kind of naming convention to distinguish servers and endpoints.</P><P>or have csv file which contains hostname and os type of hosts which are sending logs. Then you can lookup os type based on host field.</P> Wed, 05 Aug 2020 03:32:58 GMT https://community.splunk.com/t5/Reporting/Reporting-Windows-Security-Events-4732-for-BUILTIN/m-p/512485#M8315 thambisetty 2020-08-05T03:32:58Z