Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Apps and Add-ons
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Why does scripted input not get executed?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why does scripted input not get executed?
pbnl
Path Finder
08-11-2022
05:35 AM
hello all,
i have an app developed on my linux splunk sandbox and it is working fine.
after copying it to the deployment server and deploy it to a UF running on linux, it's not running at all.
the inputs.conf is:
[script://$SPLUNK_HOME/etc/apps/PBNL_getTVlogs/bin/getTVlogs.sh]
disabled = false
interval = 0 14 * * *
index = tvlogs
sourcetype = TVlogs
[monitor://$SPLUNK_HOME/etc/apps/PBNL_getTVlogs/logs/TVlogs.csv]
disabled = false
index = tvlogs
sourcetype = TVlogs
so what's wrong here?
any help is welcome 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pbnl
Path Finder
08-12-2022
01:57 AM
so nobody else any idea why?
to bring in some more details:
the splunk landscape is build out of 4 servers.
1st is Cluster Master, KV Store, License Master, Search Head
2nd and 3rd are Indexer
4th is Deployment Server
the index tvlogs is defined on the cluster master with a whole bunch of other indexes
etc/master-apps/_cluster/local/indexes.conf
[tvlogs]
repFactor = auto
maxHotSpanSecs = 86400
homePath = $SPLUNK_DB/tvlogs/db
frozenTimePeriodInSecs = 15552000
thawedPath = $SPLUNK_DB/tvlogs/thaweddb
coldPath = $SPLUNK_DB/tvlogs/colddband it's deployed to the indexer cluster
splunk@indexer1:[/opt/splunk]: ll var/lib/splunk/tvlogs/*
var/lib/splunk/tvlogs/colddb:
total 8
drwx------ 2 splunk splunk 4096 Jul 22 14:20 ./
drwx------ 6 splunk splunk 4096 Jul 22 14:20 ../
var/lib/splunk/tvlogs/datamodel_summary:
total 8
drwx------ 2 splunk splunk 4096 Jul 22 14:20 ./
drwx------ 6 splunk splunk 4096 Jul 22 14:20 ../
var/lib/splunk/tvlogs/db:
total 16
drwx------ 2 splunk splunk 4096 Aug 10 09:17 ./
drwx------ 6 splunk splunk 4096 Jul 22 14:20 ../
-rw------- 1 splunk splunk 169 Aug 10 09:17 .bucketManifest
-rw------- 1 splunk splunk 10 Jul 22 14:22 CreationTimethe other files are located on the UF where the script should run
splunk@srv141:~/etc/apps/PBNL_getTVlogs$ ll *
bin:
total 20
drwxr-xr-x 2 splunk splunk 4096 Aug 11 14:50 ./
drwxr-xr-x 7 splunk splunk 4096 Aug 11 13:34 ../
-rwxrw-r-- 1 splunk splunk 573 Aug 11 14:50 getTVlogs.sh*
-rwxrw-r-- 1 splunk splunk 687 Aug 11 13:34 json2csv*
default:
total 16
drwxr-xr-x 3 splunk splunk 4096 Aug 11 13:34 ./
drwxr-xr-x 7 splunk splunk 4096 Aug 11 13:34 ../
-rw-r--r-- 1 splunk splunk 181 Aug 11 13:34 app.conf
drwxr-xr-x 3 splunk splunk 4096 Aug 11 13:34 data/
local:
total 20
drwxr-xr-x 2 splunk splunk 4096 Aug 11 13:34 ./
drwxr-xr-x 7 splunk splunk 4096 Aug 11 13:34 ../
-rw-r--r-- 1 splunk splunk 55 Aug 11 13:34 app.conf
-rw-rw-r-- 1 splunk splunk 258 Aug 11 13:34 inputs.conf
-rw-rw-r-- 1 splunk splunk 388 Aug 11 13:34 props.conf
logs:
total 16
drwxr-xr-x 2 splunk splunk 4096 Aug 11 14:49 ./
drwxr-xr-x 7 splunk splunk 4096 Aug 11 13:34 ../
metadata:
total 16
drwxr-xr-x 2 splunk splunk 4096 Aug 11 13:34 ./
drwxr-xr-x 7 splunk splunk 4096 Aug 11 13:34 ../
-rw-r--r-- 1 splunk splunk 403 Aug 11 13:34 default.meta
-rw-r--r-- 1 splunk splunk 187 Aug 11 13:34 local.metado i need to change something here?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
richgalloway
SplunkTrust
08-11-2022
05:53 AM
Any errors in the UF's logs?
---
If this reply helps you, Karma would be appreciated.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pbnl
Path Finder
08-11-2022
06:01 AM
no. the only thing i see in the UF's log is, that the app is installed.
all files and folders are created. the monitor is created too:
splunk@srv141:~$ splunk list monitor
Monitored Directories:
$SPLUNK_HOME/var/log/splunk
some other directories
Monitored Files:
$SPLUNK_HOME/etc/apps/PBNL_getTVlogs/logs/TVlogs.csv
some other files
Got questions? Get answers!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Meet up IRL or virtually!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Get Updates on the Splunk Community!
Index This | What travels the world but is also stuck in place?
April 2026 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
As data volumes continue to grow and environments become more distributed, managing and optimizing data ...
