How to write a Splunk query to find the Splunk UF ...

Hemnaath · ‎10-31-2022

Hi Team,

I wanted to wirte query to find the Splunk agent version of specific set of hosts in our environment, I had tired the below link to find out version detail for all UF uisng the below link.

https://community.splunk.com/t5/Getting-Data-In/How-can-I-find-a-listing-of-all-universal-forwarders...

But I am unable to segregate to specific set of hosts. So could anyone let me know how to wirte a query to fetch the version details.

Thanks in Advance.

richgalloway · ‎10-31-2022

The Monitoring Console will do that, if you have forwarder monitoring enabled. Go to Forwarders->Forwarders:Deployment in the MC.

---
If this reply helps you, Karma would be appreciated.

Hemnaath · ‎10-31-2022

thanks for your time, Yes I know that we can find that from Splunk Monitoring console, but is there a way to write a query which can be used to fetch specific set of host agent version from search head.

thanks in advance.

richgalloway · ‎11-01-2022

Grab the query from the MC and put it on the SH of choice. Modify it as desired.

---
If this reply helps you, Karma would be appreciated.

How to write a Splunk query to find the Splunk UF version for specific set of hosts in Splunk Enterprise

administration

upgrade

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!