Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Search to list all UF's and OS including version number (Windows Server 2008 RS, Windows Server 2016)

tsheets13
Communicator
‎12-03-2019 09:17 AM

I did this a few weeks ago and now I can't seem figure out how I did it.

I need a report listing all UFs, with their version of splunk UF as well as specific OS version.

Searched all over here and couldn't find it.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-04-2019 12:05 AM

Hi @tsheets13,
did you explored the Monitoring Console?
at [Settings -- Monitoring Console -- Forwarders -- Forwarders Deployment].
Otherwise you could deploy TA_Windows and TA_nix on servers and in each of these Technical-Addons there a script that extract the os version and you can use this info.

Ciao.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-04-2019 12:05 AM

Hi @tsheets13,
did you explored the Monitoring Console?
at [Settings -- Monitoring Console -- Forwarders -- Forwarders Deployment].
Otherwise you could deploy TA_Windows and TA_nix on servers and in each of these Technical-Addons there a script that extract the os version and you can use this info.

Ciao.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

tsheets13
Communicator
‎12-04-2019 06:11 AM

The windows and nix TA's are installed. Just not sure how to form the report.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎12-04-2019 06:29 AM

Hi @tsheets13,
you have to enable the scripts:

[WinHostMon://OperatingSystem] on TA_Windows

and

[script://./bin/hardware.sh] on TA_nix

and then search something like this:
for windows:

index=windows sourcetype=WinHostMon Type=OperatingSystem
| dedup host
| sort host
| table OS Version ServicePack BuildNumber SerialNumber InstallDate LastBootUpTime
| evalInstallDate=strftime(strptime(InstallDate,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S"),LastBootUpTime=strftime(strptime(LastBootUpTime,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S")

and for linux

index=os sourcetype=Unix:Version
| dedup host
| table os_name os_release os_version machine_architecture_name
| rename os_name AS "Operative System" os_release AS Release os_version AS Version machine_architecture_name AS Architecture

or if you want only one search

(index=windows sourcetype=WinHostMon Type=OperatingSystem) OR (index=os sourcetype=Unix:Version)
| dedup host
| sort host
| ...

Ciao.
Giuseppe

Reply
Solved! Jump to solution

tsheets13
Communicator
‎12-04-2019 12:32 PM

Those two searches are exactly what I was looking for. Thanks

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-16-2022 11:13 PM

Hi @tsheets13,

good for you, see next time!

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...