All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Run script without sending to index

Dpeedahnb
Explorer
‎06-29-2020 02:13 AM

I wish to run a python script that updates files within a monitoring directory, without directly sending any files to the index. All the examples I’ve seen have people running a script and sending logs to their index.

Would removing the sourcetype/ index fields make it act the way I want? Or will it behave the way I want as long as I’m not sending logs within the script. Sorry for any confusion.

1
2
3
4
5
[script://./bin/TA-SimpleApp.py]
interval = 10
sourcetype = my_sourcetype
disabled = False
index = main
 
Labels (2)
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎07-09-2020 02:01 AM

You could drop all data from your custom sourcetype into the nullQueue so that it doesnt reach the indexing queue. The below should help:

props.conf

[my_sourcetype]
TRANSFORMS-ignore = null_queue


transforms.conf

[nullqueue]
REGEX = .
DEST = queue
FORMAT = nullQueue
0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...