I need to create a dashboard to list the servers that have a certain application (windows) or package (linux) installed.
I needed the dashboard to return list of servers that have a certain package along with the version numbers.
For windows i intend to use sourcetype="Script:InstalledApps" and for linux sourcetype=package .
For Windows : The o/p of these commands is a list of applications that have DisplayName= several times in the same ouotput. As a result splunk does not return the list of applications as a field that is indexed. Infact in my case it shows DisplayName="7-Zip 16.02 (x64)" because its the first application returned by the command.
For Linux: The same issue as above. Infact the Name field is not even shown as an interesting field.
How can i write a command that will give me the desired o/p considering the above constraints.?
Hi,
For Windows:
Are software installed on windows machine are listed in windows registry? Windows script will only report installed software recorded in the Windows registry; other software (like putty) will not be reported. Refer this link: https://answers.splunk.com/answers/126533/using-splunk-to-determine-installed-software.html
Also you can take help of following link to create modular input using powershell script:
https://answers.splunk.com/answers/444328/how-to-list-out-unwanted-software-installed-on-use.html