Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

I have a query to fetch Kernel version from all the Linux servers

Hema_Nithya
Explorer
‎11-07-2023 06:30 PM

I have a query to fetch Kernel version from all the Linux servers . We update the Kernel Patch every quarter . I have to hardcode the kernel versions in the search query 3.10.0-1160.92.1.el7.x86_64  every quarter . 

There are 3 versions  which I need to hardcode in the search query . Is there any specific way where we can update the query automatic . 

Labels (2)
Labels
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎11-07-2023 09:48 PM

You could externalise the versions to a lookup file and the query could get the versions from that lookup file and use those values in the query, e.g. if you had a lookup file with 

version,date_from
3.10.0-1160.92.1.el7.x86_64,2023-11-06

then the query could use a subsearch to get the latest version based on date_from field in the lookup to use in the query.

As for how to update that automatically, it would depend on where your data is coming from. You could use the REST api to perform actions on the Splunk server. 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...