Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: RHL version on all the UF
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI All ,
Could you please help me in getting the query to get red hat linux version on the all UF , i have checked many splunk answers the query uses metrics logs and i got only the version of the splunk and os as Linux , but not the actual linux version on the host .
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @deepakgaonkar,
if you need only operative system of each target server, you can use a search like this on Deployment Server:
| rest splunk_server=local /services/deployment/server/clients | table instanceName ip utsname
If instead you want more infos about your servers, as the operative system version, you have to use a Technology Add-On (TA) to extract this info from the target.
I'm speaking of TA_Windows (for Windows Servers) and TA_nix (for Linux servers).
You have to take these TAs, enable the stanza to check the operative system version and deploy them to all the targets.
Then you can run a search like this:
for Windows servers:
index=windows sourcetype=WinHostMon Type=OperatingSystem
| eval host=upper(host)
| dedup host
| sort host
| table OS Version ServicePack BuildNumber SerialNumber InstallDate LastBootUpTime
| eval
InstallDate=strftime(strptime(InstallDate,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S"),
LastBootUpTime=strftime(strptime(LastBootUpTime,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S")
For Linux servers:
index=os sourcetype=Unix:Version
| table os_name os_release os_version machine_architecture_name
| rename os_name AS "Operative System" os_release AS Release os_version AS Version machine_architecture_name AS Architecture
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Install the Splunk Addon for Unix to your forwarders, and configure version.sh
https://splunkbase.splunk.com/app/833/
This input collects detailed version information from your host (amongst many other useful things if you wish), and as a bonus will add it to the Inventory Data model.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @deepakgaonkar,
if you need only operative system of each target server, you can use a search like this on Deployment Server:
| rest splunk_server=local /services/deployment/server/clients | table instanceName ip utsname
If instead you want more infos about your servers, as the operative system version, you have to use a Technology Add-On (TA) to extract this info from the target.
I'm speaking of TA_Windows (for Windows Servers) and TA_nix (for Linux servers).
You have to take these TAs, enable the stanza to check the operative system version and deploy them to all the targets.
Then you can run a search like this:
for Windows servers:
index=windows sourcetype=WinHostMon Type=OperatingSystem
| eval host=upper(host)
| dedup host
| sort host
| table OS Version ServicePack BuildNumber SerialNumber InstallDate LastBootUpTime
| eval
InstallDate=strftime(strptime(InstallDate,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S"),
LastBootUpTime=strftime(strptime(LastBootUpTime,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S")
For Linux servers:
index=os sourcetype=Unix:Version
| table os_name os_release os_version machine_architecture_name
| rename os_name AS "Operative System" os_release AS Release os_version AS Version machine_architecture_name AS Architecture
Ciao.
Giuseppe
.conf25 Community Recap
Splunk App Developers | .conf25 Recap & What’s Next
Congratulations to the 2025-2026 SplunkTrust!
