https://community.splunk.com/t5/Getting-Data-In/Input-Script-as-a-Data-to-Index-the-same-in-Splunk/m-p/367419#M95938 <P>We got an requirement to input data via script and I am new to it. so how to achieve it.</P> <P>So how to achieve it...</P> Wed, 21 Jun 2017 14:00:59 GMT anandhalagarasa 2017-06-21T14:00:59Z https://community.splunk.com/t5/Getting-Data-In/Input-Script-as-a-Data-to-Index-the-same-in-Splunk/m-p/367419#M95938 <P>We got an requirement to input data via script and I am new to it. so how to achieve it.</P> <P>So how to achieve it...</P> Wed, 21 Jun 2017 14:00:59 GMT https://community.splunk.com/t5/Getting-Data-In/Input-Script-as-a-Data-to-Index-the-same-in-Splunk/m-p/367419#M95938 anandhalagarasa 2017-06-21T14:00:59Z https://community.splunk.com/t5/Getting-Data-In/Input-Script-as-a-Data-to-Index-the-same-in-Splunk/m-p/367420#M95939 <P>Create a shell script:</P> <PRE><CODE>touch ssecls_executer.sh chmod +x ssecls_executer.sh </CODE></PRE> <P>Paste this into the shell script: </P> <PRE><CODE>#!/usr/bin/env bash /opt/SYMCScan/ssecls/ssecls -server 127.0.0.1 /bin/ls </CODE></PRE> <P>Copy the shell script to a bin folder in a splunk app of your choice</P> <PRE><CODE>mkdir /opt/splunk/etc/apps/MyAPP mkdir /opt/splunk/etc/apps/MyAPP/bin cp ssecls_executer.sh /opt/splunk/etc/apps/MyAPP/bin </CODE></PRE> <P>Make an inputs.conf that runs the script:</P> <PRE><CODE>mkdir /opt/splunk/etc/apps/MyAPP/default touch /opt/splunk/etc/apps/MyAPP/default/inputs.conf </CODE></PRE> <P>Paste this into the inputs.conf:</P> <PRE><CODE>[script:///opt/splunk/etc/apps/MyApp/bin/ssecls_executer.sh] interval = 60 # OR whatever interval in seconds / cron schedule you want to execute on (see inputs.conf documentation) index = indexName sourcetype = ssecls_executer source = ssecls_executer.sh </CODE></PRE> <P>Restart splunk and profit.</P> Wed, 21 Jun 2017 18:35:16 GMT https://community.splunk.com/t5/Getting-Data-In/Input-Script-as-a-Data-to-Index-the-same-in-Splunk/m-p/367420#M95939 jkat54 2017-06-21T18:35:16Z