All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

need to handle .ear files in splunk

spyme72
Path Finder
‎12-04-2013 12:04 PM

i want to compare the .ear file present in production with the UAT environment in splunk.
i know there is a md5 command in eval function but i need to specify a field for it.
has anyone implemented anything similar where they compare zip ,war,ear files.

Tags (2)
0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎12-06-2013 12:45 AM

The eval md5 command is for calculating a digest on a field indexed / extracted in your events.You can't pass a file path to digest the file contents.

For a quick solution , what I would try is using the Command Modular Input and utilizing a system command such as "md5sum" to periodically get a digest of your target archive files (whether they are local or remote files) and indexing the computed digest and file information. You can then run your searches over this to compare your archive files across deployment environments over time.

Of course , you could also write your own dedicated Modular Input to accomplish this task also ie: if you wanted to implement the digest algorithm programatically rather than rely on a system command.

alt text
alt text

Reply

Damien_Dallimor
Ultra Champion
‎01-07-2014 11:08 AM

You need to have the underlying command installed in you environment. This is mentioned in the documentation http://apps.splunk.com/app/1553/ and also on the setup screen.

0 Karma
Reply

spyme72
Path Finder
‎01-07-2014 08:39 AM

thanks for the response.

i am getting an exception in the configure input screen.

"Encountered the following error while trying to save: In handler 'command': Command name md5sum does not exist"

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎12-29-2013 10:41 PM

As per the documentation here , http://apps.splunk.com/app/1553/ :

1) download it
2) extract to $SPLUNK_HOME/etc/apps
3) restart Splunk
4) browse to Data Inputs manager page , as shown above.
5) configure your input , example shown above.

0 Karma
Reply

spyme72
Path Finder
‎12-29-2013 09:40 PM

Hi Could you please let me know on how to use the Command Modular input.
I was not able to find any details documentation on how to use it.
i found that it was a TA and i was not sure on how to reach the command screen as shown in the screen shot.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...