Splunk Search
Highlighted

Splunk build number to version table?

Super Champion

Does anyone have a splunk build number to splunk version number table of some sort? I'm looking at building a view for deployment information from the DeploymentMetrics events. Unfortunately, these events contain a build field but not the version of splunk.

Does anyone know of any existing table with this information?

I would prefer not to have to go coble it all together myself, if I don't have to. (I could parse the info out of my downloaded splunk installers, but that's a pain). If some one has this list in CSV format would be great, since my goal is to put this into a lookup table.

Tags (2)
Highlighted

Re: Splunk build number to version table?

Splunk Employee
Splunk Employee

You can easily check the splunk.com/download page and view the older releases for your OS. The release number is embedded in the name of the download file along with the version. I've cut and pasted most versions for Linux 64 bit (note that they might slightly differ per platform):

splunk-4.1-77833-linux-2.6-x86_64.rpm
splunk-4.0.10-77146-linux-2.6-x86_64.rpm
splunk-4.0.9-74233-linux-2.6-x86_64.rpm
splunk-4.0.8-73243-linux-2.6-x86_64.rpm
splunk-4.0.7-72459-linux-2.6-x86_64.rpm
splunk-4.0.6-70313-linux-2.6-x86_64.rpm
splunk-4.0.5-69401-linux-2.6-x86_64.rpm
splunk-4.0.4-67724-linux-2.6-x86_64.rpm
splunk-4.0.3-65638-linux-2.6-x86_64.rpm
splunk-4.0.2-64889-linux-2.6-x86_64.rpm
splunk-4.0.1-64658-linux-2.6-x86_64.rpm
splunk-3.4.13-75215-linux-2.6-x86_64.rpm
splunk-3.4.12-69236-linux-2.6-x86_64.rpm
splunk-3.4.11-65313-linux-2.6-x86_64.rpm
splunk-3.4.10-60883-linux-2.6-x86_64.rpm
splunk-3.4.9-57762-linux-2.6-x86_64.rpm
splunk-3.4.8-54309-linux-2.6-x86_64.rpm
splunk-3.4.6-51113-linux-2.6-x86_64.rpm
splunk-3.4.5-47883-linux-2.6-x86_64.rpm
splunk-3.4.3-46779-linux-2.6-x86_64.rpm
splunk-3.4.2-46047-linux-2.6-x86_64.rpm
splunk-3.4.1-45588-linux-2.6-x86_64.rpm
splunk-3.4-44873-linux-2.6-x86_64.rpm
splunk-3.3.4-43000-linux-2.6-x86_64.rpm
splunk-3.3.3-42717-linux-2.6-x86_64.rpm
splunk-3.3.2-41320-linux-2.6-x86_64.rpm
splunk-3.3.1-39933-linux-2.6-x86_64.rpm
splunk-3.3-38914-linux-2.6-x86_64.rpm
splunk-3.2.6-38259-linux-2.6-x86_64.rpm
splunk-3.2.5-38160-linux-2.6-x86_64.rpm
splunk-3.2.4-37025-linux-2.6-x86_64.rpm
splunk-3.2.3-35555-linux-2.6-x86_64.rpm
splunk-3.2.2-34603-linux-2.6-x86_64.rpm
splunk-3.2.1-34291-linux-2.6-x86_64.rpm
splunk-3.2-33572-linux-2.6-x86_64.rpm
splunk-3.1.5-31521-linux-2.6-x86_64.rpm
splunk-3.1.4-30364-linux-2.6-x86_64.rpm
splunk-3.1.3-28524-linux-2.6-x86_64.rpm
splunk-3.1.2-28096-linux-2.6-x86_64.rpm
splunk-3.1.1-27147-linux-2.6-x86_64.rpm
splunk-3.1-26228-linux-2.6-x86_64.rpm
splunk-3.0.2-24828-linux-2.6-x86_64.rpm
splunk-3.0.1-24078-linux-2.6-x86_64.rpm
splunk-3.0-23043-linux-2.6-x86_64.rpm

View solution in original post

Highlighted

Re: Splunk build number to version table?

Super Champion

Here is a little script to extract version info from splunk's download web pages. For anyone who is interested.

#!/usr/bin/python
""" Simple little script to build a list of splunks build and version numbers
pulled from the 'previous download' page on Splunk's main web page.
"""

import os, sys, re, csv, urllib2

webpage_urls  = [
    "http://www.splunk.com/downloads",
    "http://www.splunk.com/page/previous_releases"
]
# Be sure to set this to an appropriate path on your system.
#outfile = os.path.join(os.environ["SPLUNK_HOME"], "etc", "system", "lookups", "splunk_builds.csv")
outfile = "splunk_builds.csv"

splunk_splitter = re.compile(r'\bsplunk-\d+\.\d+(?:\.\d+)?-\d+-[\w._-]+\.(?:tgz|rpm|deb|msi|pkg\.Z|tar\.Z|bin)\b')
splunk_re = re.compile(r'^splunk-(?P<version>\d+\.\d+(?:\.\d+)?)-(?P<build>\d+)-(?P<platform>[\w._-]+)\.(?P<ext>tgz|rpm|deb|msi|pkg\.Z|tar\.Z|bin)')

def extract_version(url):
    fp = urllib2.urlopen(url)
    content = fp.read()
    for txt in splunk_splitter.findall(content):
        d = splunk_re.match(txt).groupdict()
        if d["ext"] == "msi":
            d["platform"] = d["platform"].replace("release", "windows")
        yield d

results = {}
for url in webpage_urls:
    for gd in extract_version(url):
        k = (int(gd["build"]), gd["version"])
        platform = gd["platform"]
        if k in results:
            results[k].add(platform)
        else:
            results[k] = set([platform])

o = csv.writer(open(outfile, "w"))
o.writerow(("build", "version", "platforms"))

for key in sorted(results.keys()):
    platform = results[key]
    print key[0], key[1]
    o.writerow( (key[0], key[1], ";".join(platform)) )

transforms.conf:

[splunkbuild]
filename = splunk_builds.csv

Then you can do a search like:

index=_internal sourcetype=splunkd loader "Splunkd starting" | rex "build (?<build>\d+)" | lookup splunkbuild build OUTPUT version
Highlighted

Re: Splunk build number to version table?

Path Finder

for those of you wondering why this doesn't work when you copy and paste it's because the answers regex have had the backslashes removed when it was posted. Put a backslah before the . and b and w in the regexes and it will work once properly indented.

0 Karma
Highlighted

Re: Splunk build number to version table?

Splunk Employee
Splunk Employee

This points to: we should really just add the version number to the boot up information.

Highlighted

Re: Splunk build number to version table?

Super Champion

Yeah, the version number and build in a single log message at startup time would be helpful too. 😉

0 Karma