All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I force a scheduled script to run when installing (or uninstalling) new software?

joshuapetitt
Path Finder
‎12-01-2017 07:45 AM

I'm using the Splunk for Windows addon on many computers. It has a scripted input for installed apps that runs once a day. Normally, this is what I want (only to collect the data once a day). However, if I am installing new software on all the computers, or uninstalling, I would like to force this script to run on all computers and send the data back to Splunk for a report.

Is this possible?

0 Karma
Reply

nickhills
Ultra Champion
‎12-01-2017 07:59 AM

If your using a deployment server, you can simply update the deployment-apps/TA/local/inputs.conf to change the interval on which the input runs.

Simply reload the deployment server, and your forwarders will update, and start sending data back more frequently.
When your done, switch it back, and reload the DS again, and your back to where you started.

If my comment helps, please give it a thumbs up!
0 Karma
Reply

joshuapetitt
Path Finder
‎12-01-2017 08:05 AM

this is an interesting solution, but seems like alot of work. This happens every few weeks, so it is often enough, I'd really like a "One Button Solution" ultimately. Maybe I need to go around the forwarder, and just have another program that does the one-shot sending?

0 Karma
Reply

nickhills
Ultra Champion
‎12-01-2017 08:08 AM

Its really not - about 20 seconds effort.
I do this all the time - testing remote data collection scripts

If my comment helps, please give it a thumbs up!
0 Karma
Reply

nickhills
Ultra Champion
‎12-01-2017 08:11 AM

If you want a point/click option:

create a duplicate app, where the interval is smaller.
Create a duplicate server class which assigns the new app.

from the DS UI, simply add your desired targets to the new serverclass (no need to remove them from the old)

Now you have two options - either remove the target machines when your done, or disable the server class.

Anyway the net result is the same .

If my comment helps, please give it a thumbs up!
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...