Getting Data In

How do I get to know the status of Windows Updates from different Windows servers

kkossery
Communicator

Hi Experts,

I'm trying to setup the Windows Forwarder on different servers to forward the status of Windows Updates to the Splunk Server. I may have missed the document on how to do this. Can you help?

Tags (1)
0 Karma
1 Solution

somesoni2
Revered Legend

Use this to monitor windows update log file (inputs.conf entry)

[monitor://$WINDIR\WindowsUpdate.log]
disabled = 0
sourcetype = WindowsUpdateLog

This is available as part of Splunk TA for windows app in splunk-base. You might want to look at that as well.

View solution in original post

somesoni2
Revered Legend

Use this to monitor windows update log file (inputs.conf entry)

[monitor://$WINDIR\WindowsUpdate.log]
disabled = 0
sourcetype = WindowsUpdateLog

This is available as part of Splunk TA for windows app in splunk-base. You might want to look at that as well.

idab
Path Finder

Hey guys !

So , I was wondering if I could get help here.Basically have the search I modified to check if windows updates were installed successfully(GOOD) or a FAIL. So, when i modified the search I found online .It says the updates were installed as a fail.But checking on the WSUS its says the updates installation was successful.So, i wondering if maybe there is something wrong with my search criteria / conditional clause. Looking forward to a feedback. 🙂

here is my search :
sourcetype=WinEventLog:System EventCode=19 tag=update | eval Date=strftime(_time, "%Y/%m/%d") | rex "\WKB(?.\d+)\W" | eval successRatio = if (status==installed, "GOOD" , "FAILED") | stats count by Date , host, package_title, KB , body , successRatio| sort host

0 Karma

kkossery
Communicator

Thanks a lot!

0 Karma
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...