Getting Data In

How do I get to know the status of Windows Updates from different Windows servers

kkossery
Communicator

Hi Experts,

I'm trying to setup the Windows Forwarder on different servers to forward the status of Windows Updates to the Splunk Server. I may have missed the document on how to do this. Can you help?

Tags (1)
0 Karma
1 Solution

somesoni2
Revered Legend

Use this to monitor windows update log file (inputs.conf entry)

[monitor://$WINDIR\WindowsUpdate.log]
disabled = 0
sourcetype = WindowsUpdateLog

This is available as part of Splunk TA for windows app in splunk-base. You might want to look at that as well.

View solution in original post

somesoni2
Revered Legend

Use this to monitor windows update log file (inputs.conf entry)

[monitor://$WINDIR\WindowsUpdate.log]
disabled = 0
sourcetype = WindowsUpdateLog

This is available as part of Splunk TA for windows app in splunk-base. You might want to look at that as well.

idab
Path Finder

Hey guys !

So , I was wondering if I could get help here.Basically have the search I modified to check if windows updates were installed successfully(GOOD) or a FAIL. So, when i modified the search I found online .It says the updates were installed as a fail.But checking on the WSUS its says the updates installation was successful.So, i wondering if maybe there is something wrong with my search criteria / conditional clause. Looking forward to a feedback. 🙂

here is my search :
sourcetype=WinEventLog:System EventCode=19 tag=update | eval Date=strftime(_time, "%Y/%m/%d") | rex "\WKB(?.\d+)\W" | eval successRatio = if (status==installed, "GOOD" , "FAILED") | stats count by Date , host, package_title, KB , body , successRatio| sort host

0 Karma

kkossery
Communicator

Thanks a lot!

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...