Hello,
I have a search which I run for monitoring memory usage across different platforms. This has been working well for me for quite some time, however, I have recently added Windows Server 2012 machines to my environment, and, due to memory combining, my search does not work properly for those machines. I would like to exclude these machines from the search in a simple way, e.g., by adding a search term like host_os_name!="windows_server_2012*", but have thus far been unable to find if / where Splunk logs information about the host beyond just the platform.
Can anyone recommend a straightforward method for gathering this information? Thanks.
You could query your forwarders' REST API for the /server/info endpoint and use the os_version field to build a lookup or tag list that maps host to version.
Not quite straightforward of course, as far as I know you'll only get OS name, architecture, and Splunk version from _internal metrics.
As a small chance, take a look at the system info output in _internal on bootup of a forwarder. That might contain version info as well, I don't have the systems to verify right now.
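One way to turn the /server/info suggestion above into a host-to-version lookup, added here as an example and not part of the original answer. The host names and JSON responses are constructed samples (the "6.2" value assumes the forwarder reports the Windows NT version number for Server 2012), and the function names are hypothetical.

```python
import csv, io, json, ssl, urllib.request

# Constructed sample responses, shaped like /services/server/info?output_mode=json.
# Values are illustrative; check what your own forwarders report for os_version.
SAMPLE = {
    "web01": '{"entry":[{"name":"server-info","content":{"os_name":"Windows","os_version":"6.2","cpu_arch":"x64"}}]}',
    "db01": '{"entry":[{"name":"server-info","content":{"os_name":"Linux","os_version":"3.10.0","cpu_arch":"x86_64"}}]}',
    "old01": '{"entry":[{"name":"server-info","content":{"os_name":"Windows"}}]}',
}

def fetch_server_info(host, auth_header, ctx=None, port=8089, timeout=10):
    """Fetch raw JSON from one forwarder's management port (not called in the demo)."""
    url = f"https://{host}:{port}/services/server/info?output_mode=json"
    req = urllib.request.Request(url, headers={"Authorization": auth_header})
    ctx = ctx or ssl.create_default_context()  # keep certificate verification on
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return resp.read().decode("utf-8")

def parse_server_info(host, raw):
    """Return a lookup row; missing or malformed fields become 'unknown'."""
    try:
        content = json.loads(raw)["entry"][0]["content"]
    except (ValueError, KeyError, IndexError, TypeError):
        content = {}
    if not isinstance(content, dict):
        content = {}
    return {"host": host,
            "os_name": content.get("os_name", "unknown"),
            "os_version": content.get("os_version", "unknown")}

def build_lookup(responses):
    """Render host,os_name,os_version CSV text suitable for a Splunk lookup file."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["host", "os_name", "os_version"],
                            lineterminator="\n")
    writer.writeheader()
    for host in sorted(responses):
        writer.writerow(parse_server_info(host, responses[host]))
    return out.getvalue()

if __name__ == "__main__":
    print(build_lookup(SAMPLE))
```

Hosts that return no os_version are written as "unknown" rather than dropped, so they stay visible in the lookup and are not silently treated as a supported platform.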