How to write a search to pull the OS distribution ...

cotekyle · ‎09-09-2015

I'm looking for a search to pull the OS distribution of all hosts in an AWS environment, along with their version. Purpose is to get a snapshot from across an environment with 400+ hosts with what is within.

Even though I know I would need to edit, I started off using a base search of:

 index=_internal fwdType="*" | dedup hostname | stats count by os, version

But that doesn't get to what I'm looking for which would be a count to say
Linux CentOS 5.5 10 hosts
Linux Ubuntu 6 8 hosts
etc.

Any ideas?

MuS · ‎09-09-2015

Hi cotekyle,

the field version in index=_internal is related to the Splunk version and not related to the OS version. You would need to use the Windows App https://splunkbase.splunk.com/app/1680/ or the *unix App https://splunkbase.splunk.com/app/273/ or any other script / WMI to get the OS version.

cheers, MuS

cotekyle · ‎09-10-2015

I have the Unix app for Splunk installed. any additional guidance on where in the app to look or what search to run? Sorry, I'm very new to this.

Thanks, Kyle

MuS · ‎09-10-2015

search on index=os you should find the information in there

How to write a search to pull the OS distribution of all hosts in an AWS environment, along with their versions?

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...