Solved: Re: RHL version on all the UF

deepakgaonkar · ‎02-13-2020

HI All ,

Could you please help me in getting the query to get red hat linux version on the all UF , i have checked many splunk answers the query uses metrics logs and i got only the version of the splunk and os as Linux , but not the actual linux version on the host .

gcusello · ‎02-13-2020

Hi @deepakgaonkar,
if you need only operative system of each target server, you can use a search like this on Deployment Server:

| rest splunk_server=local /services/deployment/server/clients | table instanceName ip utsname

If instead you want more infos about your servers, as the operative system version, you have to use a Technology Add-On (TA) to extract this info from the target.
I'm speaking of TA_Windows (for Windows Servers) and TA_nix (for Linux servers).
You have to take these TAs, enable the stanza to check the operative system version and deploy them to all the targets.

Then you can run a search like this:
for Windows servers:

index=windows sourcetype=WinHostMon Type=OperatingSystem 
            | eval host=upper(host)
            | dedup host 
            | sort host 
            | table OS Version ServicePack BuildNumber SerialNumber InstallDate LastBootUpTime
            | eval 
               InstallDate=strftime(strptime(InstallDate,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S"),
               LastBootUpTime=strftime(strptime(LastBootUpTime,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S")

For Linux servers:

index=os sourcetype=Unix:Version
            | table os_name os_release os_version machine_architecture_name
            | rename os_name AS "Operative System" os_release AS Release os_version AS Version machine_architecture_name AS Architecture

Ciao.
Giuseppe

View solution in original post

nickhills · ‎02-13-2020

Install the Splunk Addon for Unix to your forwarders, and configure version.sh
https://splunkbase.splunk.com/app/833/

This input collects detailed version information from your host (amongst many other useful things if you wish), and as a bonus will add it to the Inventory Data model.

If my comment helps, please give it a thumbs up!

gcusello · ‎02-13-2020

Hi @deepakgaonkar,
if you need only operative system of each target server, you can use a search like this on Deployment Server:

| rest splunk_server=local /services/deployment/server/clients | table instanceName ip utsname

If instead you want more infos about your servers, as the operative system version, you have to use a Technology Add-On (TA) to extract this info from the target.
I'm speaking of TA_Windows (for Windows Servers) and TA_nix (for Linux servers).
You have to take these TAs, enable the stanza to check the operative system version and deploy them to all the targets.

Then you can run a search like this:
for Windows servers:

index=windows sourcetype=WinHostMon Type=OperatingSystem 
            | eval host=upper(host)
            | dedup host 
            | sort host 
            | table OS Version ServicePack BuildNumber SerialNumber InstallDate LastBootUpTime
            | eval 
               InstallDate=strftime(strptime(InstallDate,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S"),
               LastBootUpTime=strftime(strptime(LastBootUpTime,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S")

For Linux servers:

index=os sourcetype=Unix:Version
            | table os_name os_release os_version machine_architecture_name
            | rename os_name AS "Operative System" os_release AS Release os_version AS Version machine_architecture_name AS Architecture

Ciao.
Giuseppe

RHL version on all the UF

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation