Skip to main content

Printer information in a Windows environment

  • Updated

You might want basic information about the printers in your Windows environment when doing the following:

Prerequisites 

In order to execute this procedure in your environment, the following data, services, or apps are required:

Example

Your boss has asked you to start gathering basic statistics on printer activity in your organization. He would like to know how many print servers and printers there are, as well as what the spooling load is at various times of the day. This information will help with resource planning.

NOTE: To optimize the search shown below, you should specify an index and a time range.

  1. Verify that you deployed the add-on to the search heads and Splunk Universal Forwarders on the monitored systems. For more information, see About installing Splunk add-ons.
  2. Enable the following inputs:
    • *WinPrintMon://printer
    • *WinPrintMon://job
    • *WinPrintMon://driver
    • *WinPrintMon://port
  3. To see only the number of printers on your network, run the following search:  
    eventtype=printmon_windows 
    |stats dc(ComputerName) AS "Print Servers"  dc(printer) AS Printers
  4. For detailed information about the jobs running on the servers, run the following search:  
    eventtype=printmon_windows 
    |dedup JobId, ComputerName 
    |rename ComputerName AS "Print Server" 
    |stats count(JobId) AS "No. of Print Jobs" BY "Print Server" 
    |appendpipe 
        [ stats sum("No. of Print Jobs") AS "Total No. of Print Jobs" 

Search explanation

The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.

Splunk Search

Explanation

eventtype=printmon_windows 

Search only the printer monitor event type. 

|stats dc(ComputerName) AS "Print Servers"  dc(printer) AS Printers

Count the number of distinct printer servers and printers

Splunk Search

Explanation

eventtype=printmon_windows

Search only the printer monitor event type.

|dedup JobId, ComputerName

Remove duplicate combinations of JobId  and ComputerName.

|rename ComputerName AS "Print Server" 

Rename the fields as shown for better readability.. 

|stats count(JobId) AS "No. of Print Jobs" BY "Print Server"

Count the number of jobs by Print Server.

|appendpipe 

     [ stats sum("No. of Print Jobs") AS "Total         No. of Print Jobs"  ]

Use stats to calculate the total number of jobs and use appendpipe to put that information at the end of the outer search results. 

 

Result

The table below shows sample output from the first search. It shows the number of print servers and printers. If you were to look at all the interesting fields, you could find other items that could be reported on in support of your needs, for example, the name of the document being printed, printer name, printer driver, user, submitted time, and total pages. A simple search of only the source type gives the list of available fields. 

Print Servers

Printers

3

5

The next table shows sample output from the second search. These results show the number of unique printer jobs run on each print server and the total. This is just one example of the many metrics one could derive from the data set captured by the add-on for Windows. 

Print Server

No. of Print Jobs

Total No. of Print Jobs

ops-sys-002

100

  

ops-sys-003

100

  

ops-sys-004

100

  
   

300

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

The information provided in Splunk Lantern is intended for informational and educational purposes only. All information is provided in good faith, however, Splunk disclaims any and all representations and warranties, express and implied, regarding the information provided, including without limitation any warranties and representations regarding the completeness, adequacy or accuracy of the information. You agree to take full responsibility for the results arising from the use of the information provided.