I am trying to get file changes and metadata information for certain directories.
Can this app File/Directory Information Input be used in Universal Forwarder or does it need heavy forwarder/Enterprise Splunk?
The File/Directory Information Input app does use Python and thus does need a Heavy Forwarder.
Update:
I'm looking into supporting this in a later release. See http://lukemurphey.net/issues/1068 for progress updates.
Update [2]:
As of version 1.3, Universal Forwarders are supported provided the host has Python installed.
Agreed.
Is there any option to leverage the python installed in OS. Any workaround?
I haven't tried using system Python to run modular inputs before. I think it may be possible with a small change to the modular input class. Currently, it uses make_splunkhome_path from splunk.appserver.mrsparkle.lib.util which won't be available on system Python. I could make that optional though.
I'm willing to try.
Thanks Luke.
Also, another request is - will it be possible to use cron schedule in the interval field instead of specifying (10m,2h, etc.)?
Does that work already in this app (or in your website monitoring app etc) or it cannot be implemented at all?
It isn't possible now but I'm looking into (http://lukemurphey.net/issues/1095)
I am getting same error : ERROR ModularInputs - Unable to initialize modular input "file_meta_data" defined inside the app "ab_filemetadata_xx_inputs": Introspecting scheme=file_meta_data: script running failed (exited with code 1).
Python is Running on UF.
[file_meta_data://Test]
depth_limit = 0
file_hash_limit = 500MB
file_path = /home/gaddes/test.txt
include_file_hash = 0
index = main
interval = 2m
only_if_changed = 1
recurse = 1
disabled = 0
Is there any pointer to resolve this issue ?
Add your comment...
This is fixed in version 1.4.2.
I see the below error in splunkd.log of Universal Forwarder..
ERROR ModularInputs - Unable to initialize modular input "file_meta_data" defined inside the app "file_meta_data": Introspecting scheme=file_meta_data: script running failed (exited with code 1)
My understanding is that, Splunk Universal Forwarder does not have python on its own.
I have python in OS, how do I leverage and acheive this?
I am getting same error : ERROR ModularInputs - Unable to initialize modular input "file_meta_data" defined inside the app "ab_filemetadata_xx_inputs": Introspecting scheme=file_meta_data: script running failed (exited with code 1).
Python is Running on UF.
[file_meta_data://Test]
depth_limit = 0
file_hash_limit = 500MB
file_path = /home/gaddes/test.txt
include_file_hash = 0
index = main
interval = 2m
only_if_changed = 1
recurse = 1
disabled = 0
Is there any pointer to resolve this issue ?
Make sure to use the most recent version of the app. There was an issue I recently fixed that prevented the app from working on Universal Forwarders.
I am using version 1.3 , I assume this version supports UF on which Python is installed. Is there any other pointer ? Should I need to use later version of the App ? If Yes , which Files do I need to update like file_meta_data.py ?
Thanks for Support ...