Operating system versions

udayk1 · ‎04-30-2014

I have a concern that I want to know what are all the operating versions are being used in our organization. I have tried searching the same through different queries like windows wild card and stuff like that, but seems no luck.

Any special query to get this?

somesoni2 · ‎05-01-2014

The Splunk 5.x App for windows should have come up with a WMI input (check wmi.conf file, sourcetype=WMI:Version). Ensure that that is enabled. Then following should give you the OS information

index=main sourcetype="WMI:Version" | rex "Caption=(?<OS>.*)" | table host, OS, Version, ServicePackMajorVersion, ServicePackMinorVersion

Just for reference, following is the content of wmi.conf for [WMI:Version].

wmi.conf

[WMI:Version]
disabled = 1
## Run once per day
interval = 86400
wql = SELECT Caption, ServicePackMajorVersion, ServicePackMinorVersion, Version FROM Win32_OperatingSystem

udayk1 · ‎04-30-2014

Hey thanks a lot. But if I want to get the versions of Operating systems i.e. Windows 7, XP and etc?

somesoni2 · ‎04-30-2014

Try this

index=_internal source=*metrics.log | stats count by hostname, os

Operating system versions

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor