<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: shell script is generating only 2 lines of output in splunk in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439283#M76597</link>
    <description>&lt;P&gt;Hi &lt;a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/163905"&gt;@harsmarvania57&lt;/a&gt; &lt;/P&gt;

&lt;P&gt;Thanks for your response , I had followed the documentation and placed my Linux environment shell script in app/myapp/bin folder and provided inputs.conf in app/myapp/local folder&lt;BR /&gt;
under the [script] stanza , the attributes given like below&lt;/P&gt;

&lt;P&gt;interval = 300&lt;BR /&gt;
sourcetype = my_st&lt;BR /&gt;
source = my_st &lt;BR /&gt;
index = main&lt;BR /&gt;
disabled = 0&lt;/P&gt;

&lt;P&gt;The script is working fine in server( giving the required output of 9 lines) . But in search head we are getting only 2 lines of each event&lt;/P&gt;</description>
    <pubDate>Tue, 29 Sep 2020 22:25:23 GMT</pubDate>
    <dc:creator>raj_mpl</dc:creator>
    <dc:date>2020-09-29T22:25:23Z</dc:date>
    <item>
      <title>shell script is generating only 2 lines of output in splunk</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439281#M76595</link>
      <description>&lt;P&gt;Hello All,&lt;BR /&gt;
I can see only 2 lines of output in every event in search head , Here the input is shell script &lt;/P&gt;

&lt;P&gt;Any Suggestions ?&lt;/P&gt;</description>
      <pubDate>Tue, 18 Dec 2018 04:46:31 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439281#M76595</guid>
      <dc:creator>raj_mpl</dc:creator>
      <dc:date>2018-12-18T04:46:31Z</dc:date>
    </item>
    <item>
      <title>Re: shell script is generating only 2 lines of output in splunk</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439282#M76596</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;

&lt;P&gt;Can you please provide more info ? What shell script are you running ? Where are you running shell script ? And what problem are you facing while executing Shell Script in Splunk?&lt;/P&gt;</description>
      <pubDate>Tue, 18 Dec 2018 08:54:26 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439282#M76596</guid>
      <dc:creator>harsmarvania57</dc:creator>
      <dc:date>2018-12-18T08:54:26Z</dc:date>
    </item>
    <item>
      <title>Re: shell script is generating only 2 lines of output in splunk</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439283#M76597</link>
      <description>&lt;P&gt;Hi &lt;a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/163905"&gt;@harsmarvania57&lt;/a&gt; &lt;/P&gt;

&lt;P&gt;Thanks for your response , I had followed the documentation and placed my Linux environment shell script in app/myapp/bin folder and provided inputs.conf in app/myapp/local folder&lt;BR /&gt;
under the [script] stanza , the attributes given like below&lt;/P&gt;

&lt;P&gt;interval = 300&lt;BR /&gt;
sourcetype = my_st&lt;BR /&gt;
source = my_st &lt;BR /&gt;
index = main&lt;BR /&gt;
disabled = 0&lt;/P&gt;

&lt;P&gt;The script is working fine in server( giving the required output of 9 lines) . But in search head we are getting only 2 lines of each event&lt;/P&gt;</description>
      <pubDate>Tue, 29 Sep 2020 22:25:23 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439283#M76597</guid>
      <dc:creator>raj_mpl</dc:creator>
      <dc:date>2020-09-29T22:25:23Z</dc:date>
    </item>
    <item>
      <title>Re: shell script is generating only 2 lines of output in splunk</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439284#M76598</link>
      <description>&lt;P&gt;There might be possibility that Splunk is not parsing events properly and indexing data with wrong timestamp, can you please try to search data for particular sourcetype with &lt;CODE&gt;All Time&lt;/CODE&gt; timeframe ?&lt;/P&gt;</description>
      <pubDate>Tue, 18 Dec 2018 11:04:47 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439284#M76598</guid>
      <dc:creator>harsmarvania57</dc:creator>
      <dc:date>2018-12-18T11:04:47Z</dc:date>
    </item>
    <item>
      <title>Re: shell script is generating only 2 lines of output in splunk</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439285#M76599</link>
      <description>&lt;P&gt;I am seeing the partial data o/p from the time when I configured and restarted my Universal Forwarder . But when I searched with ALL Time , I can see some events with complete output but those are  2016 time stamped&lt;/P&gt;</description>
      <pubDate>Tue, 18 Dec 2018 11:14:53 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439285#M76599</guid>
      <dc:creator>raj_mpl</dc:creator>
      <dc:date>2018-12-18T11:14:53Z</dc:date>
    </item>
    <item>
      <title>Re: shell script is generating only 2 lines of output in splunk</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439286#M76600</link>
      <description>&lt;P&gt;Here you go which means Splunk is not parsing timestamp correctly. Best practice is while generating scripted output, every event should start with timestamp so that splunk will parse those events with correct date time.&lt;/P&gt;

&lt;P&gt;Additionally if require you can define &lt;CODE&gt;TIME_PREFIX&lt;/CODE&gt;, &lt;CODE&gt;TIME_FORMAT&lt;/CODE&gt; and &lt;CODE&gt;MAX_TIMESTAMP_LOOKAHEAD&lt;/CODE&gt; on Indexer/Heavy Forwarder for sourcetype &lt;CODE&gt;my_st&lt;/CODE&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 18 Dec 2018 11:55:59 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/shell-script-is-generating-only-2-lines-of-output-in-splunk/m-p/439286#M76600</guid>
      <dc:creator>harsmarvania57</dc:creator>
      <dc:date>2018-12-18T11:55:59Z</dc:date>
    </item>
  </channel>
</rss>

