Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

Verify Windows Updates have been Applied

WinEventLog:System

Description

Submitted by SplunkNinja

The following splunk query will return results on any Windows Updates (Patches) that have been applied by searching for the KB value associated with the EventID.  
12 0 
sourcetype=WinEventLog:System EventCode=19 | eval Date=strftime(_time, "%Y/%m/%d")| rex "\WKB(?<KB>.\d+)\W" |stats count by Date, host, KB

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom