https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335412#M161333 <P>Hi there, I don't believe you can query Windows Registry as DBX does to a DB, but theres a modular input for that type of data and runs as a process called splunk-regmon.exe.</P> <P>Create an input and then search or report on it.</P> <P>Check this out: <A href="https://docs.splunk.com/Documentation/Splunk/6.5.3/Data/MonitorWindowsregistrydata">https://docs.splunk.com/Documentation/Splunk/6.5.3/Data/MonitorWindowsregistrydata</A></P> <P>Hope it helps.</P> Thu, 20 Apr 2017 14:03:08 GMT alemarzu 2017-04-20T14:03:08Z https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335411#M161332 <P>I have a .NET web site that is deployed on windows server(2003,2008,2012). My Application contains 6 MSIs which will create registry entry with the version number of the MSI installed on the server. </P> <P>Can i use splunk to read registry keys and display the MSI versions installed on all my servers ?</P> <P>Note: I dont want splunk to create an error or event when the registry key is created,updated or deleted. I only want it to show what is the current MSI version installed on the server by reading the registry key.</P> Thu, 20 Apr 2017 09:03:58 GMT https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335411#M161332 manjunath6681 2017-04-20T09:03:58Z https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335412#M161333 <P>Hi there, I don't believe you can query Windows Registry as DBX does to a DB, but theres a modular input for that type of data and runs as a process called splunk-regmon.exe.</P> <P>Create an input and then search or report on it.</P> <P>Check this out: <A href="https://docs.splunk.com/Documentation/Splunk/6.5.3/Data/MonitorWindowsregistrydata">https://docs.splunk.com/Documentation/Splunk/6.5.3/Data/MonitorWindowsregistrydata</A></P> <P>Hope it helps.</P> Thu, 20 Apr 2017 14:03:08 GMT https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335412#M161333 alemarzu 2017-04-20T14:03:08Z https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335413#M161334 <P>hello there,<BR /> check this in docs: <A href="https://docs.splunk.com/Documentation/Splunk/6.5.3/Data/MonitorWindowsregistrydata">https://docs.splunk.com/Documentation/Splunk/6.5.3/Data/MonitorWindowsregistrydata</A><BR /> it covers that topic in detail<BR /> hope it helps</P> Thu, 20 Apr 2017 14:03:31 GMT https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335413#M161334 adonio 2017-04-20T14:03:31Z https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335414#M161335 <P>I configured this. but the problem is, This will only generate events when there is an SET,UPDATE,DELETE... happens to the registry.<BR /> I have 6 MSIs.. only 2 are frequently updated and the remaining 4 are rarely updated. I am getting the MSI versions of the 2 which updates frequently but the remaining 4 that are not recently updated are unavailable on splunk.</P> <P>I do not want splunk to monitor any events that occur on the registry path, instead i just want splunk to read all the keys in the given path and display it to me.</P> Wed, 26 Apr 2017 08:47:19 GMT https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335414#M161335 manjunath6681 2017-04-26T08:47:19Z https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335415#M161336 <P>I configured this. but the problem is, This will only generate events when there is an SET,UPDATE,DELETE... happens to the registry.<BR /> I have 6 MSIs.. only 2 are frequently updated and the remaining 4 are rarely updated. I am getting the MSI versions of the 2 which updates frequently but the remaining 4 that are not recently updated are unavailable on splunk.</P> <P>I do not want splunk to monitor any events that occur on the registry path, instead i just want splunk to read all the keys in the given path and display it to me.</P> Wed, 26 Apr 2017 08:47:26 GMT https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335415#M161336 manjunath6681 2017-04-26T08:47:26Z https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335416#M161337 <P>Hi@all,</P> <P>registry monitor is not the way to get this done. Try using scheduled Batch skript:<BR /> reg query and pipe it to a Textfile , then monitor this file</P> Thu, 13 Jul 2017 09:01:33 GMT https://community.splunk.com/t5/Splunk-Search/How-can-i-use-splunk-to-query-windows-registry/m-p/335416#M161337 thielethomas 2017-07-13T09:01:33Z