All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a script that grabs the output of the "last" command similar to other .sh script in Splunk-TA-nix ?

Hemnaath
Motivator
‎01-17-2018 09:41 AM

Hi All, Currently we wanted to monitor a file on a remote UNIX machine and for which we are looking out for a script that can fetch the " last command" data from the Unix Operating system and ingest the same in splunk, as other scripts like who.sh, lastlogin.sh top.sh etc available in Splunk-TA-nix add-on.

So kindly guide me on this.

0 Karma
Reply

nickhills
Ultra Champion
‎01-17-2018 09:56 AM

With reference to your other post https://answers.splunk.com/answers/610697/how-do-i-collect-the-results-of-wholast-on-unix-ma.html

If you have installed the splunkforwarder on the target, its not really a remote machine, as you are collecting files locally using the UF.
Your simplest course of action is to install the Splunk provided unix TA and configure the inputs accordingly.

All the TA is doing in this case, is calling (and formatting) the stdout results from those commands, and comes shipped with appropriate inputs, props and transforms to get that data into splunk in an indexed and normalised format.

lastlog.sh is invoking "last" in exactly this way

If my comment helps, please give it a thumbs up!
0 Karma
Reply

Hemnaath
Motivator
‎01-27-2018 10:41 PM

Hi Nickhill, Yes you are right but its not reading the wtmpx file (binary file) from this location /var/adm/wtmpx. and I hope this is not built in the lastlog.sh script. So we decided to write a script that can read this binary file and write it to a normal txt file but at the same time it script should be in such away that it is not re-indexing the same file again and again. So could please guide me on this request to create a script which can read and write a binary file into a normal txt file.

thanks in advance.

0 Karma
Reply
Get Updates on the Splunk Community!

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Community Content Calendar, November Edition

Welcome to the November edition of our Community Spotlight! Each month, we dive into the Splunk Community to ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...