Hi, above is what I put for my .bat located in the Splunk "bin" directory.
What should I include in the .bat, or what other things do I need to configure, to have real-time data?
How do I "ask" Splunk to run the .bat?
You can tell Splunk to run the script as a scripted input in inputs.conf or through the manager, somewhere around here: http://localhost:8000/en-US/manager/search/data/inputs/script/_new?action=edit&ns=search
Hi, is there a proper procedure to have real-time data in my application?
Or can I add it in any way so long as I add it correctly? First I created my application, then added a new index. Next, I added the data scripts, then added the logs that I want Splunk to monitor.
My current situation is that Splunk did run my .bat in the bin folder (logs were updated). However, my chart always shows "waiting for data" ...
So this program writes logfiles?
Either point Splunk to read these logfiles (manager>inputs>add new>from file), or change the program to emit the logs to stdout instead of files - then Splunk will treat that output as event data.
Splunk treats the output of the script as input. Apparently your program didn't output anything, so there is nothing to index.
Setup.exe is an odd name for something outputting logs, what does that do exactly? Maybe we're moving in the wrong direction here.
Splunk indexes the stdout of scripted inputs. For example, if you have a script that runs top every minute you get 60 events per hour containing the output of top.
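The two options described in the replies above (monitor the logfiles, or run the script and index its stdout), written as inputs.conf stanzas. This is an added example, not part of the original thread; the paths, index name and sourcetypes are placeholders to replace with your own.

```ini
# inputs.conf, e.g. in the "local" directory of your app.
# All paths, the index name and the sourcetypes are placeholders.

# Option 1: the program keeps writing logfiles and Splunk tails them.
# Same effect as manager > inputs > add new > from file.
[monitor://C:\MyProgram\logs\*.log]
index = my_index
sourcetype = myprogram_log
disabled = 0

# Option 2: scripted input. Splunk runs the .bat every 60 seconds and
# indexes whatever the script writes to stdout as event data.
# If the program only writes to files, nothing reaches stdout and
# nothing is indexed from this stanza.
[script://$SPLUNK_HOME\bin\scripts\run_myprogram.bat]
interval = 60
index = my_index
sourcetype = myprogram_stdout
disabled = 0
```

Use one option or the other for the same data; enabling both for the same log lines would index them twice.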
Just click the source in the search summary.
Thank you for your reply. At the search summary, the .bat last update time seems to be fine (about sec ago). However, my .bat is supposed to execute my program & generate logs into Splunk. But when I go to the Splunk folder & check my logs, they were not updated. If I run the .bat manually, it works perfectly fine. Do you know what's going wrong?