How do I get to know the status of Windows Updates from different Windows servers

kkossery
Communicator

Hi Experts,

I'm trying to set up the Windows Forwarder on different servers to forward the status of Windows Updates to the Splunk Server. I may have missed the document on how to do this. Can you help?


somesoni2
Revered Legend

Use this to monitor the Windows Update log file (inputs.conf entry):

[monitor://$WINDIR\WindowsUpdate.log]
disabled = 0
sourcetype = WindowsUpdateLog

This is available as part of the Splunk TA for Windows app on Splunkbase. You might want to look at that as well.

idab
Path Finder

Hey guys!

So, I was wondering if I could get help here. Basically, I have the search I modified to check if Windows updates were installed successfully (GOOD) or as a FAIL. So, when I modified the search I found online, it says the updates were installed as a fail. But checking on the WSUS, it says the update installation was successful. So, I'm wondering if maybe there is something wrong with my search criteria / conditional clause. Looking forward to feedback. 🙂

Here is my search:
sourcetype=WinEventLog:System EventCode=19 tag=update | eval Date=strftime(_time, "%Y/%m/%d") | rex "\WKB(?<KB>.\d+)\W" | eval successRatio = if (status==installed, "GOOD" , "FAILED") | stats count by Date , host, package_title, KB , body , successRatio| sort host
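
How `eval` treats an unquoted word versus a double-quoted string in the `if()` comparison used in the search above, shown as an added example that is not part of the original post. It runs on two constructed events generated with `makeresults`; the `status` values "installed" and "failure" are assumptions made for the illustration, not output taken from the Splunk TA for Windows.

```spl
| makeresults count=2
| streamstats count AS n
``` Constructed sample events: one success (EventCode 19) and one failure (EventCode 20) ```
| eval EventCode=if(n==1, 19, 20)
| eval status=if(n==1, "installed", "failure")
``` Unquoted: eval reads installed as a field name; no such field exists, so the test is never true ```
| eval unquoted_result=if(status==installed, "GOOD", "FAILED")
``` Double-quoted: eval compares status with the string literal "installed" ```
| eval quoted_result=if(status=="installed", "GOOD", "FAILED")
| table EventCode status unquoted_result quoted_result
```

The `unquoted_result` column reads FAILED on both rows, while `quoted_result` reads GOOD only on the row whose `status` is "installed".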

kkossery
Communicator

Thanks a lot!
