Here's what I would use:

index=_internal source=*metrics.log* group=tcpin_connections os=* uf  | eval os=os." ".arch | eval version=version." (".build.")" | stats latest(fwdType) AS forwarder_type latest(os) AS os latest(version) AS version by hostname | rename hostname as splunk_forwarder | replace uf with "Universal", full with "Full" in forwarder_type | rename splunk_forwarder as "Splunk Forwarder", forwarder_type as "Forwarder Type", os as "Operating System", version as Version