Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to verify that new datetime.xml patch was applied to all my instances?

asherer_splunk
Splunk Employee
Splunk Employee
‎12-10-2019 09:49 AM

I've seen the notes about the patch that needs to be applied for the two-digit years in timestamps:

https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020

How do I do a quick-spot check of all my forwarders and full instances to make sure that datetime.xml has been patched?

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

asherer_splunk
Splunk Employee
Splunk Employee
‎12-10-2019 09:57 AM

The sha256sum of the patched datetime.xml file is this:

[root@ip-10-202-22-128 all_date_patch_props]# sha256sum datetime.xml
e6016245a677bff48ea7ddbe8d4b36f9acbd02918e1f90ead812892692d655ea  datetime.xml

So I create a simple bash script (let's call it datetime_check.sh):

sha256sum $SPLUNK_HOME/etc/datetime.xml
sha256sum $SPLUNK_HOME/etc/apps/all_date_patch_props/datetime.xml
sha256sum $SPLUNK_HOME/etc/slave_apps/idxc_date_patch_props/local/datetime.xml

This checks the three main locations that it might be (assuming the default app names) and generates the sum.

Then, make an inputs.conf:

[script://$SPLUNK_HOME/etc/apps/search/bin/datetime_check.sh]
disabled = false
index = main
interval = 3600
source = datetime_check
sourcetype = datetime_check

Then you can simply search for all the sums and use stats to track deployment progress.

View solution in original post

Reply
Solved! Jump to solution
Solution

asherer_splunk
Splunk Employee
Splunk Employee
‎12-10-2019 09:57 AM

The sha256sum of the patched datetime.xml file is this:

[root@ip-10-202-22-128 all_date_patch_props]# sha256sum datetime.xml
e6016245a677bff48ea7ddbe8d4b36f9acbd02918e1f90ead812892692d655ea  datetime.xml

So I create a simple bash script (let's call it datetime_check.sh):

sha256sum $SPLUNK_HOME/etc/datetime.xml
sha256sum $SPLUNK_HOME/etc/apps/all_date_patch_props/datetime.xml
sha256sum $SPLUNK_HOME/etc/slave_apps/idxc_date_patch_props/local/datetime.xml

This checks the three main locations that it might be (assuming the default app names) and generates the sum.

Then, make an inputs.conf:

[script://$SPLUNK_HOME/etc/apps/search/bin/datetime_check.sh]
disabled = false
index = main
interval = 3600
source = datetime_check
sourcetype = datetime_check

Then you can simply search for all the sums and use stats to track deployment progress.

Reply
Solved! Jump to solution

arun_kant_sharm
Path Finder
‎12-26-2019 12:49 AM

Hi Asherer,

In your answer you check the datetime.xml check-sum (i.e sha256sum) in three locations

sha256sum $SPLUNK_HOME/etc/datetime.xml
sha256sum $SPLUNK_HOME/etc/apps/all_date_patch_props/datetime.xml
sha256sum $SPLUNK_HOME/etc/slave_apps/idxc_date_patch_props/local/datetime.xml

is this location same for Deployment server, Search Head server, Indexer server and Universal forwarder server???

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...