Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Check if a particular file exists inside a tar file

BasicLearner
Loves-to-Learn Everything
‎01-05-2022 02:17 PM

I have field with filename  containing .tgz file. I need to check if a particular file example XYZ exists inside this .tgz file.
 How can I do this?

Thanks in advance.

 

Tags (1)
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎01-05-2022 06:02 PM

Yes, as said on previous reply, there is no "direct" splunk command to do this task.

you have to write a custom command..

Better idea, as i did in my previous project, for downloading weekly GeoLite files, i ran a shell script which does these tasks inside(tar command got the options:

/bin/tar -zxvf /opt/splunk/fullpath/GeoLite2-City-Latest.tgz -C /opt/splunk/etc/apps/somepath/local/ --strip-components=1 GeoLite2-City_*/GeoLite2-City.mmdb

) and the script output can be fed to splunk. the shell script can be run by cronjob on required intervals..

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Reply

BasicLearner
Loves-to-Learn Everything
‎01-06-2022 01:59 AM

Hi inventsekar,

Thank you for your inputs. Need to try the shell script option.

 

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎01-06-2022 05:55 AM

Hi @BasicLearner ,.. as you "almost" got your answer, maybe you could "accept as solution" the previous reply, so that this post will become an answered post and i will get my 2 cents as well 😉

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-05-2022 05:18 PM

Write a custom command that does the equivalent of 

tar -ztf $1 | grep $2

This assumes the tarball is on the local search head.

IOW, Splunk does not have this functionality built-in.

---
If this reply helps you, Karma would be appreciated.
Reply

BasicLearner
Loves-to-Learn Everything
‎01-10-2022 01:45 AM

Sorry this did not help me find the solution.

 

0 Karma
Reply

BasicLearner
Loves-to-Learn Everything
‎01-06-2022 02:00 AM

Hi Richgalloway,

Thank you for the information. Need to try more of these options. I am still new to splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top