Start C:\Users\User\Desktop\setup.exe
Hi, above is what I put for my .bat located in the Splunk "bin" directory.
What should I include in the .bat or other stuff that I need to configure to have real-time data?
How to "ask" Splunk to run the .bat?
You can tell Splunk to run the script as a scripted input in inputs.conf or through the manager, somewhere around here: http://localhost:8000/en-US/manager/search/data/inputs/script/_new?action=edit&ns=search
I see, nope. There are no new events when I run my report. Thank you so much for your information and time.
A real-time all-time search will only show newly incoming events. Is your input generating new events while you're running the report?
The data is there when I search at "All-time" but is not when I search at "All-time(Real-time)". Any idea what's wrong?
If the data is there but your chart isn't showing it then your chart isn't correct.
Hi, is there a proper procedure to have real-time data in my application?
Or I can add in any way so long as I added correctly? Firstly I created my application, then add new index. Next, I added the data scripts then added those logs that I want Splunk to monitor.
My current situation is that Splunk did run my .bat in bin folder (logs were updated). However, my chart always shows "waiting for data" ...
Hi, the second approach is not recommended for my system.
However, the first approach I tried. It seems like the same.
Yes, the Console Application will generate logfiles.
I shall try the 1st approach. Thank you for your time.
So this program writes logfiles?
Either point Splunk to read these logfiles (manager>inputs>add new>from file), or change the program to emit the logs to stdout instead of files - then Splunk will treat that output as event data.
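The two approaches from the answer above, written out as an `inputs.conf` sketch. This is an added example, not part of the original thread; the app name `myapp`, the index, the sourcetypes, the log directory and the wrapper name `collect.bat` are all hypothetical.

```ini
# inputs.conf (added example; every path and name below is an assumption)

# Approach 1: the program keeps writing log files and Splunk tails them.
# New lines appended to the files arrive as new events, which is what a
# real-time search needs.
[monitor://C:\AppLogs\*.log]
index = myapp_index
sourcetype = myapp:log
disabled = 0

# Approach 2: scripted input. Splunk runs the script every `interval`
# seconds and indexes only what the script prints to stdout.
# The hypothetical collect.bat should invoke the program directly, e.g.
#     @echo off
#     "C:\Program Files\MyApp\myapp.exe"
# rather than through `start`, which launches the program in a separate
# window, so its output never reaches the script's stdout.
# The program itself must print its log lines instead of (or as well as)
# writing them to files.
[script://$SPLUNK_HOME\etc\apps\myapp\bin\collect.bat]
interval = 60
index = myapp_index
sourcetype = myapp:stdout
disabled = 0
```

The scripted input runs under the account of the Splunk service, not the interactive user, so a program that works when started by hand from a user's Desktop may be unreadable or behave differently when Splunk launches it; keeping the executable in a location that account can read, and that ordinary users cannot write to, avoids both problems.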
I got a program created using Visual Studio Console Application & published it. So I have setup.exe. When I run this setup.exe, it will extract information and save into logs.
Splunk treats the output of the script as input. Apparently your program didn't output anything, so there is nothing to index.
Setup.exe is an odd name for something outputting logs, what does that do exactly? Maybe we're moving in the wrong direction here.
Yes. C:\Windows\system32>StartC:\Users\User\Desktop\setup.exe
Splunk indexes the stdout of scripted inputs. For example, if you have a script that runs top every minute you get 60 events per hour containing the output of top.
Just click the source in the search summary.
Sorry, what did you mean? There must be something that I did not do but I have no idea what..
What data did Splunk index when executing the scripted input?
Thank you for your reply. At the search summary, the .bat last update time seems to be fine (about sec ago). However, my .bat supposedly is to execute my program & generate logs into Splunk. But when I go to Splunk folder & check my logs, they were not updated. If I were to run the .bat manually, it works perfectly fine. Do you know what's going wrong?