Need to handle .ear files in Splunk

spyme72
Path Finder

I want to compare the .ear file present in production with the UAT environment in Splunk.
I know there is an md5 command in the eval function, but I need to specify a field for it.
Has anyone implemented anything similar where they compare zip, war, ear files?

0 Karma

Damien_Dallimor
Ultra Champion

The eval md5 command is for calculating a digest on a field indexed / extracted in your events. You can't pass a file path to digest the file contents.

For a quick solution, what I would try is using the Command Modular Input and utilizing a system command such as "md5sum" to periodically get a digest of your target archive files (whether they are local or remote files) and indexing the computed digest and file information. You can then run your searches over this to compare your archive files across deployment environments over time.

Of course, you could also write your own dedicated Modular Input to accomplish this task, i.e. if you wanted to implement the digest algorithm programmatically rather than rely on a system command.


Damien_Dallimor
Ultra Champion

You need to have the underlying command installed in your environment. This is mentioned in the documentation http://apps.splunk.com/app/1553/ and also on the setup screen.

0 Karma

spyme72
Path Finder

Thanks for the response.

I am getting an exception in the configure input screen.

"Encountered the following error while trying to save: In handler 'command': Command name md5sum does not exist"

0 Karma

Damien_Dallimor
Ultra Champion

As per the documentation here, http://apps.splunk.com/app/1553/ :

1) download it
2) extract to $SPLUNK_HOME/etc/apps
3) restart Splunk
4) browse to Data Inputs manager page, as shown above.
5) configure your input, example shown above.

0 Karma

spyme72
Path Finder

Hi, could you please let me know how to use the Command Modular Input?
I was not able to find any detailed documentation on how to use it.
I found that it was a TA, and I was not sure how to reach the command screen as shown in the screenshot.

0 Karma
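
An added example, not part of the original thread and not code from the Command Modular Input app: the "implement the digest programmatically" option from the answer above, in Python. It goes one step beyond the thread by also digesting each entry inside the archive, because zip-format files (EAR, WAR, ZIP) store entry timestamps, so two builds with identical content can still produce different whole-file digests. The function names, the key=value event layout and the sample archives are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

def digest(data, algo="md5"):
    """Hex digest of bytes; algo is any hashlib name (md5 as in the thread, or sha256)."""
    return hashlib.new(algo, data).hexdigest()

def entry_digests(data, algo="md5"):
    """Map each file inside the archive (EAR/WAR/ZIP are all zip format) to its digest."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: digest(zf.read(i), algo)
                for i in zf.infolist() if not i.is_dir()}

def archive_events(env, name, data, algo="md5"):
    """key=value lines for indexing: whole archive first (entry="*"), then each entry."""
    rows = [("*", digest(data, algo))] + sorted(entry_digests(data, algo).items())
    return [f'env={env} file="{name}" entry="{e}" {algo}={d}' for e, d in rows]

def diff_entries(a, b):
    """Entry names whose digest differs, or that exist on only one side."""
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))

def build_ear(entries, stamp):
    """Constructed sample input: in-memory archive whose entries carry timestamp `stamp`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), body)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample data: the same content packaged on two different dates.
    files = {"META-INF/application.xml": b"<application/>", "web.war": b"build-41"}
    prod = build_ear(files, (2024, 1, 10, 9, 0, 0))
    uat = build_ear(files, (2024, 1, 12, 9, 0, 0))
    for line in archive_events("prod", "app.ear", prod) + archive_events("uat", "app.ear", uat):
        print(line)
    # Whole-archive digests differ (zip stores timestamps); per-entry digests match.
    print("changed entries:", diff_entries(entry_digests(prod), entry_digests(uat)))
```

In a real input the archive bytes would be read from disk in each environment and the event lines written to stdout for indexing; a search can then group by `file` and `entry` and flag entries whose digest differs between `env` values.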