
.bat to run my program located at desktop

elaine0102
Explorer

Start C:\Users\User\Desktop\setup.exe

Hi, above is what I put in my .bat located in the Splunk "bin" directory.

What should I include in the .bat, or what other things do I need to configure, to have real-time data?

How do I "ask" Splunk to run the .bat?

0 Karma

martin_mueller
SplunkTrust

You can tell Splunk to run the script as a scripted input in inputs.conf or through the manager, somewhere around here: http://localhost:8000/en-US/manager/search/data/inputs/script/_new?action=edit&ns=search

elaine0102
Explorer

I see, nope. There are no new events when I run my report. Thank you so much for your information and time.

0 Karma

martin_mueller
SplunkTrust

A real-time all-time search will only show newly incoming events. Is your input generating new events while you're running the report?

0 Karma

elaine0102
Explorer

The data is there when I search at "All-time" but is not when I search at "All-time(Real-time)". Any idea what's wrong?

0 Karma

martin_mueller
SplunkTrust

If the data is there but your chart isn't showing it then your chart isn't correct.

0 Karma

elaine0102
Explorer

Hi, is there a proper procedure to have real-time data in my application?

Or can I add it in any way so long as I add it correctly? First I created my application, then added a new index. Next, I added the data scripts, then added the logs that I want Splunk to monitor.

My current situation is that Splunk did run my .bat in the bin folder (logs were updated). However, my chart always shows "waiting for data" ...

0 Karma

elaine0102
Explorer

Hi, the second approach is not recommended for my system.
However, I tried the first approach. It seems the same.

0 Karma

elaine0102
Explorer

Yes, the Console Application will generate logfiles.
I shall try the 1st approach. Thank you for your time.

0 Karma

martin_mueller
SplunkTrust

So this program writes logfiles?

Either point Splunk to read these logfiles (manager>inputs>add new>from file), or change the program to emit the logs to stdout instead of files - then Splunk will treat that output as event data.

0 Karma
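The two approaches from the reply above, written as inputs.conf stanzas. This is an added example, not configuration posted by anyone in the thread; the log directory, the wrapper name collect.bat, the index and the sourcetypes are assumptions.

```ini
# inputs.conf in the app's local directory (constructed example).
# All paths, the index name and the sourcetypes below are assumed values.

# Approach 1: the program keeps writing logfiles and Splunk tails them.
# New lines appended to these files arrive as new events.
[monitor://C:\ProgramData\MyCollector\logs\*.log]
index = myapp_index
sourcetype = mycollector:log
disabled = 0

# Approach 2: Splunk runs the wrapper every 60 seconds and indexes
# whatever the wrapper writes to stdout. The path is relative to the
# app directory. collect.bat (hypothetical) has to call the program
# directly rather than through "start", which launches it in a
# separate window and returns without passing its output along.
[script://.\bin\collect.bat]
interval = 60
index = myapp_index
sourcetype = mycollector:stdout
disabled = 0
```

A scripted input runs under the account of the Splunk service, so the program path and any files it writes must be accessible to that account.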

elaine0102
Explorer

I got a program created using Visual Studio Console Application & published it. So I have setup.exe. When I run this setup.exe, it will extract information and save into logs.

0 Karma

martin_mueller
SplunkTrust

Splunk treats the output of the script as input. Apparently your program didn't output anything, so there is nothing to index.

Setup.exe is an odd name for something outputting logs, what does that do exactly? Maybe we're moving in the wrong direction here.

0 Karma

elaine0102
Explorer

Yes. C:\Windows\system32>StartC:\Users\User\Desktop\setup.exe

0 Karma

martin_mueller
SplunkTrust

Splunk indexes the stdout of scripted inputs. For example, if you have a script that runs top every minute you get 60 events per hour containing the output of top.

Just click the source in the search summary.

0 Karma

elaine0102
Explorer

Sorry, what did you mean? There must be something that I did not do, but I have no idea what.

0 Karma

martin_mueller
SplunkTrust

What data did Splunk index when executing the scripted input?

0 Karma

elaine0102
Explorer

Thank you for your reply. At the search summary, the .bat last update time seems to be fine (about sec ago). However, my .bat is supposed to execute my program & generate logs into Splunk. But when I go to the Splunk folder & check my logs, they were not updated. If I were to run the .bat manually, it works perfectly fine. Do you know what's going wrong?

0 Karma