Windows Software Matrix


This query generates a software matrix for viewing the versions and names of all software installed on Windows hosts reporting to Splunk. It requires the stanza [script://.\bin\win_installed_apps.bat] to be enabled in the Splunk_TA_Windows Add-on. We run this once a day and have a dashboard for viewing the data that’s hard set for the past 24 hours.

Add-Ons Required:

Splunk Add-on for Microsoft Windows


You can use the following fields to filter the search to focus on specific views.
I left the fields I like to filter on in the search filter with wildcards.
The search also excludes values where the display name is the registry key hex value (no name), a hotfix, or a KB. These exclusions can be removed to also view hotfixes and Windows KB updates.

I had to do a lot of regex to clean up the DisplayName and Publisher fields, and it was based on what I saw in my environment, so you may need to change these to fit your data.
