Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Check if a particular file exists inside a tar file

BasicLearner
Loves-to-Learn Everything
‎01-05-2022 02:17 PM

I have field with filename  containing .tgz file. I need to check if a particular file example XYZ exists inside this .tgz file.
 How can I do this?

Thanks in advance.

 

Tags (1)
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎01-05-2022 06:02 PM

Yes, as said on previous reply, there is no "direct" splunk command to do this task.

you have to write a custom command..

Better idea, as i did in my previous project, for downloading weekly GeoLite files, i ran a shell script which does these tasks inside(tar command got the options:

/bin/tar -zxvf /opt/splunk/fullpath/GeoLite2-City-Latest.tgz -C /opt/splunk/etc/apps/somepath/local/ --strip-components=1 GeoLite2-City_*/GeoLite2-City.mmdb

) and the script output can be fed to splunk. the shell script can be run by cronjob on required intervals..

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Reply

BasicLearner
Loves-to-Learn Everything
‎01-06-2022 01:59 AM

Hi inventsekar,

Thank you for your inputs. Need to try the shell script option.

 

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎01-06-2022 05:55 AM

Hi @BasicLearner ,.. as you "almost" got your answer, maybe you could "accept as solution" the previous reply, so that this post will become an answered post and i will get my 2 cents as well 😉

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-05-2022 05:18 PM

Write a custom command that does the equivalent of 

tar -ztf $1 | grep $2

This assumes the tarball is on the local search head.

IOW, Splunk does not have this functionality built-in.

---
If this reply helps you, Karma would be appreciated.
Reply

BasicLearner
Loves-to-Learn Everything
‎01-10-2022 01:45 AM

Sorry this did not help me find the solution.

 

0 Karma
Reply

BasicLearner
Loves-to-Learn Everything
‎01-06-2022 02:00 AM

Hi Richgalloway,

Thank you for the information. Need to try more of these options. I am still new to splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
Top