check expected splunk version with reality

Monitoring
sedi
You already voted!

simply query to compare an expected splunk version with reality.

simply adjust “expected_version” to your expected version:

| rest splunk_server=* /services/server/status/resource-usage/hostwide 
| table splunk_server splunk_version
| eval expected_version="8.1.5"
| eval match_expectation=if(splunk_version == expected_version, "Yes - " . expected_version . " detected", "!! No !! (expected: " . expected_version . " but found: " . splunk_version . ")")
| fields - expected_version splunk_version

a slightly modified one to also show the linux kernel (useful when you are not just reponsible for the splunk but also for the underlying OS):

| rest splunk_server=* /services/server/status/resource-usage/hostwide 
| table splunk_server os_version splunk_version
| eval expected_version="8.1.5"
| eval match_expectation=if(splunk_version == expected_version, "Yes - " . expected_version . " detected", "!! No !! (expected: " . expected_version . " but found: " . splunk_version . ")")
| fields - expected_version splunk_version

Share This:

Tagged: REST

Leave A Comment? Click here to cancel reply.

Newest | Active

Rituparna kar

Active 1 hour, 41 minutes ago
Iryna

Active 23 hours, 31 minutes ago
tenderpale6

Active 1 day, 6 hours ago
theproducer

Active 1 day, 11 hours ago
selljacket4

Active 1 day, 20 hours ago