Splunk Search

how do I find the different packages installed on two hosts?

Simeon (Splunk Employee)

I have a scripted input that takes in rpm -qa output and want to find out the difference in packages installed on two hosts. What kind of search can get this done?


Simeon (Splunk Employee)

For an rpm -qa output, you will need to create multiple values via multikv and leverage a sub search that returns the packages that exist on one of the hosts:

host=host1 sourcetype=rpm | multikv noheader=t | rex "(?<package>\S+)" | search NOT [search host=host2 sourcetype=rpm | multikv noheader=t | rex "(?<package>\S+)" | fields package] | table package host

It is important to note that this solves the problem of using "diff", as that will not give you discrete package information.


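A variant of the accepted search, added here as an example and not taken from the original answer. It avoids the subsearch, which by default is capped at 10,000 results and 60 seconds (limits a large rpm -qa can hit, silently truncating the exclusion list), by pulling both hosts in one search and letting stats do the set comparison. It also flags packages installed on both hosts at different versions, which the subsearch form reports as two unrelated entries because the version is part of the package string. It keeps the answer's sourcetype=rpm and host names; the field names name, version, release and status, and the regex that splits the rpm NVRA string (name-version-release.arch), are assumptions made for this example.

```spl
host=host1 OR host=host2 sourcetype=rpm
| multikv noheader=t
| rex "(?<package>\S+)"
| rex field=package "^(?<name>.+)-(?<version>[^-]+)-(?<release>[^-]+)$"
| stats values(host) AS hosts dc(host) AS host_count values(package) AS packages BY name
| where host_count < 2 OR mvcount(packages) > 1
| eval status=if(host_count < 2, "only on ".hosts, "version differs")
| table name status hosts packages
```

The first rex extracts the full package string from each line produced by multikv, the second splits it so that stats can group by the bare package name; the greedy name group leaves the last two hyphen-separated fields as version and release. Rows with host_count below 2 are packages present on only one host, rows where packages has more than one value are version mismatches. Restrict the time range to a single run of the scripted input (for example earliest=-1d if it runs daily), otherwise packages removed between two runs still appear as installed.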