SPL
Universal Forwarder Splunk Versions
Description
Returns the version of Splunk Universal Forwarders in an environment via _internal logs.
2 0
index=_internal sourcetype=splunkd group=tcpin_connections version=* os=* arch=* build=* hostname=* source=*metrics.log | stats latest(version) as version,latest(arch) as arch,latest(os) as os,latest(build) as build by hostname | join hostname [ | metadata type=hosts index=* | eval last_seen_hours=(now()-lastTime)/60/60 | table host, last_seen_hours | rex field=host "(?<hostname>[^\.]+)" | fields - host ]
Comments
0 total
Be the first to comment on this SPL.
Leave a comment
You must log in to post a comment.