Splunk Search

Search to list all UF's and OS including version number (Windows Server 2008 RS, Windows Server 2016)

tsheets13
Path Finder

I did this a few weeks ago and now I can't seem to figure out how I did it.

I need a report listing all UFs, with their version of splunk UF as well as specific OS version.

Searched all over here and couldn't find it.


gcusello
SplunkTrust

Hi @tsheets13,
did you explore the Monitoring Console?
at [Settings -- Monitoring Console -- Forwarders -- Forwarders Deployment].
Otherwise you could deploy TA_Windows and TA_nix on servers, and in each of these Technical Add-ons there is a script that extracts the OS version, and you can use this info.

Ciao.
Giuseppe


tsheets13
Path Finder

The windows and nix TA's are installed. Just not sure how to form the report.


gcusello
SplunkTrust

Hi @tsheets13,
you have to enable the scripts:

[WinHostMon://OperatingSystem] on TA_Windows

and

[script://./bin/hardware.sh] on TA_nix

and then search something like this:
for windows:

index=windows sourcetype=WinHostMon Type=OperatingSystem
| dedup host
| sort host
| table OS Version ServicePack BuildNumber SerialNumber InstallDate LastBootUpTime
| eval InstallDate=strftime(strptime(InstallDate,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S"), LastBootUpTime=strftime(strptime(LastBootUpTime,"%Y%m%d%H%M%S"),"%d/%m/%Y %H.%M.%S")

and for linux

index=os sourcetype=Unix:Version
| dedup host
| table os_name os_release os_version machine_architecture_name
| rename os_name AS "Operative System" os_release AS Release os_version AS Version machine_architecture_name AS Architecture

or if you want only one search

(index=windows sourcetype=WinHostMon Type=OperatingSystem) OR (index=os sourcetype=Unix:Version)
| dedup host
| sort host
| ...

Ciao.
Giuseppe

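One way to get the UF version and the OS details from the searches above into a single report, as an added example that is not part of the original thread. It assumes the indexers log forwarder connections in metrics.log in index=_internal with the fields hostname, version and fwdType, and that the forwarder's hostname matches the host value on its WinHostMon or Unix:Version events; adjust the index names to your environment.

```spl
(index=windows sourcetype=WinHostMon Type=OperatingSystem)
OR (index=os sourcetype=Unix:Version)
OR (index=_internal source=*metrics.log* group=tcpin_connections fwdType=uf)
``` On metrics.log events "host" is the indexer; the forwarder name is in "hostname" ```
| eval host=lower(coalesce(hostname, host))
``` Windows uses OS/Version, TA_nix uses os_name/os_release (field names from the searches above) ```
| eval os_label=coalesce(OS, os_name)
| eval os_ver=coalesce(Version, os_release)
``` "version" (lowercase) is the UF version from metrics.log; field names are case-sensitive ```
| stats latest(version) AS uf_version
        latest(os_label) AS os_label
        latest(os_ver) AS os_ver
        latest(ServicePack) AS service_pack
        latest(machine_architecture_name) AS architecture
        BY host
``` Keep hosts with missing data visible instead of dropping them ```
| fillnull value="unknown" uf_version os_label os_ver
| sort host
| table host uf_version os_label os_ver service_pack architecture
```

Rows showing "unknown" for the OS columns are forwarders without the OS inventory input enabled, and rows with an "unknown" uf_version sent OS data but no forwarder connection was seen in the time range; both are worth checking when the report is used to find outdated or unsupported systems.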

tsheets13
Path Finder

Those two searches are exactly what I was looking for. Thanks
