Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows:
Windows: Decompress the downloaded file using a tool like 7-Zip and place the resulting folder into %PROGRAMFILES%\Splunk\etc\apps. Then restart Splunk using the splunk restart command or the GUI.
Unix/Linux: Decompress the downloaded file using a tool like tar -xvf and place the resulting folder into $SPLUNK_HOME/etc/apps. Then restart Splunk using the splunk restart command or the GUI.
Ever wonder if a user@address in your event has a finger server running? This could be one of your own addresses in your data center, where running a finger server is supposed to be prohibited. This is a Splunk command called fingerstatus that returns, in real time, a status showing whether a finger response is available for the user@address in question.
Usage:
<some search that has a finger_address field> | fingerstatus
The distribution comes with a finger.log file that gets indexed into your sample index. You can do things like:
index="sample" sourcetype="finger_addresses" address!="" | dedup address | eval finger_address=address | fingerstatus | table address, fingerstatus
Read the README.txt for installation notes. Because the command goes out to the internet to retrieve each status, it is best to test it with a few addresses at a time or send the search to the background.
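For auditing your own hosts, the sketch below shows the kind of per-row check a command like this has to perform. It is an added example, not the app's own code: the function names, the status labels and the use of the RFC 1288 query on TCP port 79 are assumptions of this example.

```python
import socket

FINGER_PORT = 79  # finger service port per RFC 1288


def parse_finger_address(value):
    """Split 'user@host' into (user, host); return None if malformed."""
    value = (value or "").strip()
    if value.count("@") != 1:
        return None
    user, host = value.split("@")
    # Reject whitespace and control characters so a field value cannot
    # smuggle an extra CRLF-terminated line into the query.
    if not user or not host or any(c.isspace() or ord(c) < 32 for c in value):
        return None
    return user, host


def finger_status(finger_address, port=FINGER_PORT, timeout=3.0):
    """Return a status for one finger_address value.

    Labels (this example's own): invalid_address, no_service,
    no_response, available.
    """
    parsed = parse_finger_address(finger_address)
    if parsed is None:
        return "invalid_address"
    user, host = parsed
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except (OSError, UnicodeError):
        return "no_service"  # refused, unreachable, DNS failure or timeout
    with conn:
        try:
            # RFC 1288 query: the user name followed by CRLF.
            conn.sendall(user.encode("ascii", "replace") + b"\r\n")
            reply = conn.recv(4096)
        except OSError:
            return "no_response"  # connected, but nothing came back in time
    return "available" if reply.strip() else "no_response"


def annotate(rows, **kwargs):
    """Add a fingerstatus field to each row dict, as in the search above."""
    for row in rows:
        row["fingerstatus"] = finger_status(row.get("finger_address", ""), **kwargs)
    return rows
```

The short timeout keeps one unreachable address from stalling the whole result set, which is the reason for testing with a few addresses at a time.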