Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Collections
Apps
Submit an App
Infotools for Splunk app icon

Infotools for Splunk

INFOTOOLS What is/are infotools you ask??? This app is a collection of custom commands that let you see information from the search head that may normally require access to a command shell or file system. In version 1.3.0 there are 12 custom commands: | lookupinfo - see the location size and modtime of lookups (has alias lookupinfo2) | bundleinfo - see what inside the latest search bundle | userinfo - lists all files in the etc/users directory with size and modtime | appinfo - lists all files in the etc/app directory with size and modtime | btoolinfo - yet another btool output | artifactinfo - view or search the info.csv file in search artifacts | pinginfo - run a ping from your search head to measure latency or availability | sslinfo - run the openssl s_client to view certificate details | varinfo - see the size and modtimes of files in the splunk/var directory | cliinfo - run the splunk cli commands: status, list, show, display, help | specinfo - view the details of the .conf.spec files Each of these commands is a generating command (must be first command in the pipeline) and return results about the file objects. What is the use case for infotools? Glad you asked... In Splunk Cloud and with many on-premise deployments most users do not have access to the file system. It can be very useful to be able to see details about some specific Splunk files to help with troubleshooting. Splunk Cloud note: the btoolinfo and cliinfo commands will not run in Splunk Cloud due to the app jail feature that prevents those command from being run except by the splunk user. It also appears that pinginfo is now blocked in Splunk Cloud by restricting permission to the OS ping command. For example: One of the most common problems in many environments is large lookups file affecting bundle replication the restapi commands for lookups do not return information about the file size if the lookup is not defined in transforms.conf, so you need access to the file system to see this information In a search head cluster, large lookups that are frequently updated can impact performance since the entire file is replicated to all members since lookupinfo provides the file size and modtime, you can also see if a lookup has been recently updated l

Built by Splunk Works
splunk product badge
screenshot
screenshot
screenshot
screenshot
Latest Version 1.3.0
December 17, 2024
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.0
Rating

0

(0)

Log in to rate this app
Support
Infotools for Splunk support icon
Not Supported
INFOTOOLS What is/are infotools you ask??? This app is a collection of custom commands that let you see information from the search head that may normally require access to a command shell or file system. In version 1.3.0 there are 12 custom commands: | lookupinfo - see the location size and modtime of lookups (has alias lookupinfo2) | bundleinfo - see what inside the latest search bundle | userinfo - lists all files in the etc/users directory with size and modtime | appinfo - lists all files in the etc/app directory with size and modtime | btoolinfo - yet another btool output | artifactinfo - view or search the info.csv file in search artifacts | pinginfo - run a ping from your search head to measure latency or availability | sslinfo - run the openssl s_client to view certificate details | varinfo - see the size and modtimes of files in the splunk/var directory | cliinfo - run the splunk cli commands: status, list, show, display, help | specinfo - view the details of the .conf.spec files Each of these commands is a generating command (must be first command in the pipeline) and return results about the file objects. What is the use case for infotools? Glad you asked... In Splunk Cloud and with many on-premise deployments most users do not have access to the file system. It can be very useful to be able to see details about some specific Splunk files to help with troubleshooting. Splunk Cloud note: the btoolinfo and cliinfo commands will not run in Splunk Cloud due to the app jail feature that prevents those command from being run except by the splunk user. It also appears that pinginfo is now blocked in Splunk Cloud by restricting permission to the OS ping command. For example: One of the most common problems in many environments is large lookups file affecting bundle replication the restapi commands for lookups do not return information about the file size if the lookup is not defined in transforms.conf, so you need access to the file system to see this information In a search head cluster, large lookups that are frequently updated can impact performance since the entire file is replicated to all members since lookupinfo provides the file size and modtime, you can also see if a lookup has been recently updated l

Categories

Created By

Splunk Works

Contributors

Steve Johnson

Type

app

Downloads

992

Licensing

Splunk Answers

Resources

Login to report this app listing