All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

need to handle .ear files in splunk

spyme72
Path Finder
‎12-04-2013 12:04 PM

i want to compare the .ear file present in production with the UAT environment in splunk.
i know there is a md5 command in eval function but i need to specify a field for it.
has anyone implemented anything similar where they compare zip ,war,ear files.

Tags (2)
0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎12-06-2013 12:45 AM

The eval md5 command is for calculating a digest on a field indexed / extracted in your events.You can't pass a file path to digest the file contents.

For a quick solution , what I would try is using the Command Modular Input and utilizing a system command such as "md5sum" to periodically get a digest of your target archive files (whether they are local or remote files) and indexing the computed digest and file information. You can then run your searches over this to compare your archive files across deployment environments over time.

Of course , you could also write your own dedicated Modular Input to accomplish this task also ie: if you wanted to implement the digest algorithm programatically rather than rely on a system command.

alt text
alt text

Reply

Damien_Dallimor
Ultra Champion
‎01-07-2014 11:08 AM

You need to have the underlying command installed in you environment. This is mentioned in the documentation http://apps.splunk.com/app/1553/ and also on the setup screen.

0 Karma
Reply

spyme72
Path Finder
‎01-07-2014 08:39 AM

thanks for the response.

i am getting an exception in the configure input screen.

"Encountered the following error while trying to save: In handler 'command': Command name md5sum does not exist"

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎12-29-2013 10:41 PM

As per the documentation here , http://apps.splunk.com/app/1553/ :

1) download it
2) extract to $SPLUNK_HOME/etc/apps
3) restart Splunk
4) browse to Data Inputs manager page , as shown above.
5) configure your input , example shown above.

0 Karma
Reply

spyme72
Path Finder
‎12-29-2013 09:40 PM

Hi Could you please let me know on how to use the Command Modular input.
I was not able to find any details documentation on how to use it.
i found that it was a TA and i was not sure on how to reach the command screen as shown in the screen shot.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Search APIを使えば調査過程が残せます

   このゲストブログは、JCOM株式会社の情報セキュリティ本部・専任部長である渡辺慎太郎氏によって執筆されました。 Note: This article is published in both Japanese ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...