I want to check the list of installed applications and their versions on all the PCs in my environment. If all the listed applications and the expected versions are present on a PC, I want to tag it as compliant.
Sample Data: Consider the following data added to Splunk. PC, Name and Version are the field names, and I have added some values to them.
PC : x,y
Name : Adobe, Chrome, vlc
Version : 10(Adobe), 11(Chrome), 12(vlc) (--> I added App Name within brackets for our understanding, Version field only has the numeric values 10,11 and 12 given here)
My Requirement : For each PC, x and y, I want to check whether all three applications Adobe, Chrome and vlc are installed with the version given above or a newer version.
I am trying with the following query but I am not getting the result.
| eval PreReq=case((Name="Adobe" AND Version>="10") AND (Name="Chrome" AND Version>="11") AND (Name="vlc" AND Version>="12"),"Compliant",1=1,"NonCompliant")
| stats values(PreReq) as Status BY PC
This isn't giving me the intended result. It would be great if someone could help me with the logic for my requirement. Thanks!
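
An added example, not part of the original post: `eval` runs once per event and each event carries a single Name, so a `case()` that ANDs three different Name tests can never match; the version check has to happen per event and the "all three present" test per PC in `stats`. The sketch below assumes one event per PC and application, a purely numeric Version field as in the sample data, and a Splunk version that supports `makeresults format=csv`; the six sample rows are constructed, and Required, Met, MetApps and AppsMet are hypothetical field names. Replace the `makeresults` command with the real base search.

```spl
| makeresults format=csv data="PC,Name,Version
x,Adobe,10
x,Chrome,11
x,vlc,12
y,Adobe,10
y,Chrome,9
y,vlc,12"
| eval Version=tonumber(Version)
| eval Required=case(Name="Adobe",10, Name="Chrome",11, Name="vlc",12)
| eval Met=if(isnotnull(Required) AND Version>=Required, Name, null())
| stats dc(Met) as AppsMet values(Met) as MetApps by PC
| eval Status=if(AppsMet=3,"Compliant","NonCompliant")
| table PC Status MetApps
```

On the constructed rows, PC x meets all three minimums and PC y falls short on Chrome; a PC that lacks one of the applications entirely also ends up NonCompliant, because its distinct count of met applications stays below 3.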