Splunk Search

Splunk build number to version table?

Lowell
Super Champion

Does anyone have a splunk build number to splunk version number table of some sort? I'm looking at building a view for deployment information from the DeploymentMetrics events. Unfortunately, these events contain a build field but not the version of splunk.

Does anyone know of any existing table with this information?

I would prefer not to have to go coble it all together myself, if I don't have to. (I could parse the info out of my downloaded splunk installers, but that's a pain). If some one has this list in CSV format would be great, since my goal is to put this into a lookup table.

Tags (2)
1 Solution

Simeon
Splunk Employee
Splunk Employee

You can easily check the splunk.com/download page and view the older releases for your OS. The release number is embedded in the name of the download file along with the version. I've cut and pasted most versions for Linux 64 bit (note that they might slightly differ per platform):

splunk-4.1-77833-linux-2.6-x86_64.rpm
splunk-4.0.10-77146-linux-2.6-x86_64.rpm
splunk-4.0.9-74233-linux-2.6-x86_64.rpm
splunk-4.0.8-73243-linux-2.6-x86_64.rpm
splunk-4.0.7-72459-linux-2.6-x86_64.rpm
splunk-4.0.6-70313-linux-2.6-x86_64.rpm
splunk-4.0.5-69401-linux-2.6-x86_64.rpm
splunk-4.0.4-67724-linux-2.6-x86_64.rpm
splunk-4.0.3-65638-linux-2.6-x86_64.rpm
splunk-4.0.2-64889-linux-2.6-x86_64.rpm
splunk-4.0.1-64658-linux-2.6-x86_64.rpm
splunk-3.4.13-75215-linux-2.6-x86_64.rpm
splunk-3.4.12-69236-linux-2.6-x86_64.rpm
splunk-3.4.11-65313-linux-2.6-x86_64.rpm
splunk-3.4.10-60883-linux-2.6-x86_64.rpm
splunk-3.4.9-57762-linux-2.6-x86_64.rpm
splunk-3.4.8-54309-linux-2.6-x86_64.rpm
splunk-3.4.6-51113-linux-2.6-x86_64.rpm
splunk-3.4.5-47883-linux-2.6-x86_64.rpm
splunk-3.4.3-46779-linux-2.6-x86_64.rpm
splunk-3.4.2-46047-linux-2.6-x86_64.rpm
splunk-3.4.1-45588-linux-2.6-x86_64.rpm
splunk-3.4-44873-linux-2.6-x86_64.rpm
splunk-3.3.4-43000-linux-2.6-x86_64.rpm
splunk-3.3.3-42717-linux-2.6-x86_64.rpm
splunk-3.3.2-41320-linux-2.6-x86_64.rpm
splunk-3.3.1-39933-linux-2.6-x86_64.rpm
splunk-3.3-38914-linux-2.6-x86_64.rpm
splunk-3.2.6-38259-linux-2.6-x86_64.rpm
splunk-3.2.5-38160-linux-2.6-x86_64.rpm
splunk-3.2.4-37025-linux-2.6-x86_64.rpm
splunk-3.2.3-35555-linux-2.6-x86_64.rpm
splunk-3.2.2-34603-linux-2.6-x86_64.rpm
splunk-3.2.1-34291-linux-2.6-x86_64.rpm
splunk-3.2-33572-linux-2.6-x86_64.rpm
splunk-3.1.5-31521-linux-2.6-x86_64.rpm
splunk-3.1.4-30364-linux-2.6-x86_64.rpm
splunk-3.1.3-28524-linux-2.6-x86_64.rpm
splunk-3.1.2-28096-linux-2.6-x86_64.rpm
splunk-3.1.1-27147-linux-2.6-x86_64.rpm
splunk-3.1-26228-linux-2.6-x86_64.rpm
splunk-3.0.2-24828-linux-2.6-x86_64.rpm
splunk-3.0.1-24078-linux-2.6-x86_64.rpm
splunk-3.0-23043-linux-2.6-x86_64.rpm

View solution in original post

Lowell
Super Champion

Yeah, the version number and build in a single log message at startup time would be helpful too. 😉

0 Karma

jrodman
Splunk Employee
Splunk Employee

This points to: we should really just add the version number to the boot up information.

Lowell
Super Champion

Here is a little script to extract version info from splunk's download web pages. For anyone who is interested.

#!/usr/bin/python
""" Simple little script to build a list of splunks build and version numbers
pulled from the 'previous download' page on Splunk's main web page.
"""

import os, sys, re, csv, urllib2

webpage_urls  = [
    "http://www.splunk.com/downloads",
    "http://www.splunk.com/page/previous_releases"
]
# Be sure to set this to an appropriate path on your system.
#outfile = os.path.join(os.environ["SPLUNK_HOME"], "etc", "system", "lookups", "splunk_builds.csv")
outfile = "splunk_builds.csv"

splunk_splitter = re.compile(r'\bsplunk-\d+\.\d+(?:\.\d+)?-\d+-[\w._-]+\.(?:tgz|rpm|deb|msi|pkg\.Z|tar\.Z|bin)\b')
splunk_re = re.compile(r'^splunk-(?P<version>\d+\.\d+(?:\.\d+)?)-(?P<build>\d+)-(?P<platform>[\w._-]+)\.(?P<ext>tgz|rpm|deb|msi|pkg\.Z|tar\.Z|bin)')

def extract_version(url):
    fp = urllib2.urlopen(url)
    content = fp.read()
    for txt in splunk_splitter.findall(content):
        d = splunk_re.match(txt).groupdict()
        if d["ext"] == "msi":
            d["platform"] = d["platform"].replace("release", "windows")
        yield d

results = {}
for url in webpage_urls:
    for gd in extract_version(url):
        k = (int(gd["build"]), gd["version"])
        platform = gd["platform"]
        if k in results:
            results[k].add(platform)
        else:
            results[k] = set([platform])

o = csv.writer(open(outfile, "w"))
o.writerow(("build", "version", "platforms"))

for key in sorted(results.keys()):
    platform = results[key]
    print key[0], key[1]
    o.writerow( (key[0], key[1], ";".join(platform)) )

transforms.conf:

[splunkbuild]
filename = splunk_builds.csv

Then you can do a search like:

index=_internal sourcetype=splunkd loader "Splunkd starting" | rex "build (?<build>\d+)" | lookup splunkbuild build OUTPUT version

jameshgibson
Path Finder

for those of you wondering why this doesn't work when you copy and paste it's because the answers regex have had the backslashes removed when it was posted. Put a backslah before the . and b and w in the regexes and it will work once properly indented.

0 Karma

Simeon
Splunk Employee
Splunk Employee

You can easily check the splunk.com/download page and view the older releases for your OS. The release number is embedded in the name of the download file along with the version. I've cut and pasted most versions for Linux 64 bit (note that they might slightly differ per platform):

splunk-4.1-77833-linux-2.6-x86_64.rpm
splunk-4.0.10-77146-linux-2.6-x86_64.rpm
splunk-4.0.9-74233-linux-2.6-x86_64.rpm
splunk-4.0.8-73243-linux-2.6-x86_64.rpm
splunk-4.0.7-72459-linux-2.6-x86_64.rpm
splunk-4.0.6-70313-linux-2.6-x86_64.rpm
splunk-4.0.5-69401-linux-2.6-x86_64.rpm
splunk-4.0.4-67724-linux-2.6-x86_64.rpm
splunk-4.0.3-65638-linux-2.6-x86_64.rpm
splunk-4.0.2-64889-linux-2.6-x86_64.rpm
splunk-4.0.1-64658-linux-2.6-x86_64.rpm
splunk-3.4.13-75215-linux-2.6-x86_64.rpm
splunk-3.4.12-69236-linux-2.6-x86_64.rpm
splunk-3.4.11-65313-linux-2.6-x86_64.rpm
splunk-3.4.10-60883-linux-2.6-x86_64.rpm
splunk-3.4.9-57762-linux-2.6-x86_64.rpm
splunk-3.4.8-54309-linux-2.6-x86_64.rpm
splunk-3.4.6-51113-linux-2.6-x86_64.rpm
splunk-3.4.5-47883-linux-2.6-x86_64.rpm
splunk-3.4.3-46779-linux-2.6-x86_64.rpm
splunk-3.4.2-46047-linux-2.6-x86_64.rpm
splunk-3.4.1-45588-linux-2.6-x86_64.rpm
splunk-3.4-44873-linux-2.6-x86_64.rpm
splunk-3.3.4-43000-linux-2.6-x86_64.rpm
splunk-3.3.3-42717-linux-2.6-x86_64.rpm
splunk-3.3.2-41320-linux-2.6-x86_64.rpm
splunk-3.3.1-39933-linux-2.6-x86_64.rpm
splunk-3.3-38914-linux-2.6-x86_64.rpm
splunk-3.2.6-38259-linux-2.6-x86_64.rpm
splunk-3.2.5-38160-linux-2.6-x86_64.rpm
splunk-3.2.4-37025-linux-2.6-x86_64.rpm
splunk-3.2.3-35555-linux-2.6-x86_64.rpm
splunk-3.2.2-34603-linux-2.6-x86_64.rpm
splunk-3.2.1-34291-linux-2.6-x86_64.rpm
splunk-3.2-33572-linux-2.6-x86_64.rpm
splunk-3.1.5-31521-linux-2.6-x86_64.rpm
splunk-3.1.4-30364-linux-2.6-x86_64.rpm
splunk-3.1.3-28524-linux-2.6-x86_64.rpm
splunk-3.1.2-28096-linux-2.6-x86_64.rpm
splunk-3.1.1-27147-linux-2.6-x86_64.rpm
splunk-3.1-26228-linux-2.6-x86_64.rpm
splunk-3.0.2-24828-linux-2.6-x86_64.rpm
splunk-3.0.1-24078-linux-2.6-x86_64.rpm
splunk-3.0-23043-linux-2.6-x86_64.rpm
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...