- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How can i use splunk to query windows registry
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How can i use splunk to query windows registry
I have a .NET web site that is deployed on windows server(2003,2008,2012). My Application contains 6 MSIs which will create registry entry with the version number of the MSI installed on the server.
Can i use splunk to read registry keys and display the MSI versions installed on all my servers ?
Note: I dont want splunk to create an error or event when the registry key is created,updated or deleted. I only want it to show what is the current MSI version installed on the server by reading the registry key.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi@all,
registry monitor is not the way to get this done. Try using scheduled Batch skript:
reg query and pipe it to a Textfile , then monitor this file
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello there,
check this in docs: https://docs.splunk.com/Documentation/Splunk/6.5.3/Data/MonitorWindowsregistrydata
it covers that topic in detail
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I configured this. but the problem is, This will only generate events when there is an SET,UPDATE,DELETE... happens to the registry.
I have 6 MSIs.. only 2 are frequently updated and the remaining 4 are rarely updated. I am getting the MSI versions of the 2 which updates frequently but the remaining 4 that are not recently updated are unavailable on splunk.
I do not want splunk to monitor any events that occur on the registry path, instead i just want splunk to read all the keys in the given path and display it to me.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there, I don't believe you can query Windows Registry as DBX does to a DB, but theres a modular input for that type of data and runs as a process called splunk-regmon.exe.
Create an input and then search or report on it.
Check this out: https://docs.splunk.com/Documentation/Splunk/6.5.3/Data/MonitorWindowsregistrydata
Hope it helps.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I configured this. but the problem is, This will only generate events when there is an SET,UPDATE,DELETE... happens to the registry.
I have 6 MSIs.. only 2 are frequently updated and the remaining 4 are rarely updated. I am getting the MSI versions of the 2 which updates frequently but the remaining 4 that are not recently updated are unavailable on splunk.
I do not want splunk to monitor any events that occur on the registry path, instead i just want splunk to read all the keys in the given path and display it to me.
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
