Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

RPM detection

catch_mili
Explorer
‎03-08-2013 01:57 AM

How to detect if new rpm installed in Centos OS using Splunk. OR
How should I monitor rpm -qa in Splunk.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎03-08-2013 02:38 AM

Hi catch_mili

like in your Solaris question ... it's the same here: how would you detect a newly installed RPM in CentOS and then provide it into splunk.

for example:

you can get with rpm -qa a full list of installed RPM and with rpm -qi <RPM Name> you can get the install date. With this you can build a scripted input.

cheers,
MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎03-08-2013 02:38 AM

Hi catch_mili

like in your Solaris question ... it's the same here: how would you detect a newly installed RPM in CentOS and then provide it into splunk.

for example:

you can get with rpm -qa a full list of installed RPM and with rpm -qi <RPM Name> you can get the install date. With this you can build a scripted input.

cheers,
MuS

Reply
Solved! Jump to solution

dwaddle
SplunkTrust
SplunkTrust
‎05-29-2013 06:30 AM

RPM gives you one additional option too, the --queryformat option, which can give you additional data, like the install time. An example is as such:

rpm --queryformat "%{NAME} %{VERSION} %{INSTALLTIME}\n" -qa
0 Karma
Reply
Solved! Jump to solution

blebit
Path Finder
‎01-16-2015 02:56 AM

hi dwaddle,
how to convert install time into readable format ?
thanks

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎01-16-2015 03:32 AM

although this is completely un-related to Splunk I provide an answer here 😉

rpm --queryformat "%{NAME} %{VERSION} %{INSTALLTIME:date}\n" -qa

found here http://www.nbtnet.newboundary.com/support/docs/ppm/ppm/ppm_6_3/general_unix/ppm0362.htm after one single google search 🙂

0 Karma
Reply
Solved! Jump to solution

catch_mili
Explorer
‎03-12-2013 01:51 AM

Hi MuS, Thanks.

0 Karma
Reply
Solved! Jump to solution

blebit
Path Finder
‎01-16-2015 02:51 AM

hi MuS,
can you tell how this script would be please?
Thank you

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎01-16-2015 03:33 AM

This is not possible, since i don't know your environment nor your requirement.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...