Splunk Search

Search to list all UFs and OS including version number (Windows Server 2008 R2, Windows Server 2016)

tsheets13
Communicator

I did this a few weeks ago and now I can't seem to figure out how I did it.

I need a report listing all UFs, with their version of the Splunk UF as well as the specific OS version.

Searched all over here and couldn't find it.

0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @tsheets13,
did you explore the Monitoring Console?
It is at [Settings -- Monitoring Console -- Forwarders -- Forwarders Deployment].
Otherwise you could deploy TA_Windows and TA_nix on the servers; in each of these Technical Add-ons there is a script that extracts the OS version, and you can use this info.

Ciao.
Giuseppe

0 Karma

tsheets13
Communicator

The Windows and nix TAs are installed. Just not sure how to form the report.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @tsheets13,
you have to enable the scripts:

[WinHostMon://OperatingSystem] on TA_Windows

and

[script://./bin/hardware.sh] on TA_nix

and then search something like this:
for Windows:

index=windows sourcetype=WinHostMon Type=OperatingSystem
| dedup host
| sort host
| table OS Version ServicePack BuildNumber SerialNumber InstallDate LastBootUpTime
| eval InstallDate=strftime(strptime(InstallDate,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S"), LastBootUpTime=strftime(strptime(LastBootUpTime,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S")

and for Linux:

index=os sourcetype=Unix:Version
| dedup host
| table os_name os_release os_version machine_architecture_name
| rename os_name AS "Operative System" os_release AS Release os_version AS Version machine_architecture_name AS Architecture

or if you want only one search:

(index=windows sourcetype=WinHostMon Type=OperatingSystem) OR (index=os sourcetype=Unix:Version)
| dedup host
| sort host
| ...

Ciao.
Giuseppe
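
The original question also asks for the forwarder's own Splunk version, which the WinHostMon and Unix:Version searches above do not carry. The following is an added example, not part of Giuseppe's answer or of the TAs themselves: it joins the OS detail from TA_Windows and TA_nix with the forwarder inventory that every indexer writes to its own metrics.log (the tcpin_connections group in index=_internal, whose events carry the connecting forwarder's hostname, version, os, arch and fwdType fields). The index names windows and os are taken from the answer above; the field names uf_version, os_family, os_version and last_seen are chosen here. Run it over a window at least as long as the WinHostMon/hardware.sh input interval (for example last 24 hours) so every host has at least one OS event.

```spl
(index=_internal source=*metrics.log group=tcpin_connections fwdType=uf)
    OR (index=windows sourcetype=WinHostMon Type=OperatingSystem)
    OR (index=os sourcetype=Unix:Version)
/* In tcpin_connections events `host` is the indexer and `hostname` is the
   forwarder, so normalise on the forwarder name before grouping. */
| eval host=coalesce(hostname, host)
/* `version` only exists on the metrics events; keep it under a distinct name
   so it cannot collide with the WinHostMon `Version` (OS build) field. */
| eval uf_version=if(group=="tcpin_connections", version, null())
/* Build one human-readable OS string per source type (fields as emitted by
   the two TAs and used in the searches above). */
| eval os_version=case(
      sourcetype=="WinHostMon",   OS." ".coalesce(Version,"")." ".coalesce(ServicePack,""),
      sourcetype=="Unix:Version", os_name." ".coalesce(os_release,"")." ".coalesce(os_version,""))
| stats latest(uf_version) AS uf_version
        latest(os)         AS os_family
        latest(arch)       AS arch
        latest(os_version) AS os_version
        latest(_time)      AS last_seen
        BY host
/* Keep only hosts that actually connected as a universal forwarder. */
| where isnotnull(uf_version)
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort host
| table host uf_version os_family arch os_version last_seen
```

Two things are worth checking in the output. A row whose os_version is empty is a forwarder that is phoning home but whose WinHostMon or hardware.sh input is not enabled (or is sending to a different index), which is exactly the gap the answer above tells you to close. And because hostname in metrics.log comes from the forwarder's server.conf while host on the TA events comes from inputs.conf, a host that shows up twice (once with only uf_version, once with only os_version) has inconsistent naming between the two and needs a rename or a lookup before the rows will merge. The same table, sorted by uf_version, is also the quickest way to spot forwarders still running an out-of-support release.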

tsheets13
Communicator

Those two searches are exactly what I was looking for. Thanks

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @tsheets13,

good for you, see next time!

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors 😉

0 Karma