Collect outdated packages (apt list --upgradable) through UF

worm929
Explorer

Hey guys,

you know how you can run $ apt list --upgradable and get a list of all the packages that have a pending update?
I want to get that info from all my Linux hosts in Splunk, so I can see: "this host has 100 pending updates", etc.

I can think of many ways to do it, but the most elegant one I believe would be using the UF with a script to get the data (in a very similar way as the Add-on for Unix does it). The problem is, I've never done such a thing and I'm very new to this.

Has someone done this before? Any pointers? Any other solution that would be better? (i.e., I don't want to have to run a cronjob to create a log to then ingest that, it makes it difficult to distribute to all hosts)

Thanks!

0 Karma

martin_mueller
SplunkTrust

All you need is a one-liner shell script or whatever fancy thing you want to build, and tell the UF to run it on a schedule: http://docs.splunk.com/Documentation/Splunk/7.0.2/Data/Getdatafromscriptedinputs#Add_a_scripted_inpu...
The forwarder will take stdout from the script, and send it off to be indexed. Make sure your script prints out a timestamp before the actual output, that way you'll make your splunking life so much easier.

0 Karma
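
A sketch of the scripted input described in the answer above, added here as an example and not code from the thread or from Splunk. The function name `format_upgradable`, the key=value field names, and the rule that a suite name containing "security" marks a security update are assumptions of this example.

```shell
#!/bin/sh
# Added example: scripted input for a Splunk Universal Forwarder.
# Emits one timestamped key=value event per upgradable package, plus a
# summary event, so each line is indexed with an explicit timestamp.

# format_upgradable TS: read `apt list --upgradable` output on stdin and
# write events to stdout, each prefixed with the timestamp TS.
format_upgradable() {
    awk -v ts="$1" '
        # Package lines look like:
        #   name/suite[,suite] new_version arch [upgradable from: old_version]
        # The "Listing..." header and blank lines do not match and are skipped.
        /\[upgradable from: / {
            split($1, p, "/")                 # p[1]=package, p[2]=suites
            old = $NF; sub(/\]$/, "", old)    # strip the trailing "]"
            # Assumption: security pockets carry "security" in the suite name.
            sec = (p[2] ~ /security/) ? "true" : "false"
            printf "%s package=\"%s\" suites=\"%s\" new_version=\"%s\" arch=%s old_version=\"%s\" security=%s\n", ts, p[1], p[2], $2, $3, old, sec
            n++; if (sec == "true") s++
        }
        END { printf "%s summary=true pending_updates=%d pending_security_updates=%d\n", ts, n, s }
    '
}

# Run only where apt exists. LC_ALL=C keeps the "upgradable from" text
# unlocalized; stderr is dropped because apt warns about its unstable CLI
# when stdout is not a terminal.
if command -v apt >/dev/null 2>&1; then
    LC_ALL=C apt list --upgradable 2>/dev/null |
        format_upgradable "$(date '+%Y-%m-%dT%H:%M:%S%z')"
fi
```

The summary event gives the "this host has 100 pending updates" figure directly, and the per-package events let a search separate pending security updates from the rest. The list reflects the host's last `apt update`, so a stale package cache under-reports.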