Hi,
I have to monitor a directory which contains XML file.
I need to add an additional <tag> in xml file whenever a new file comes and before file is indexed by splunk.
i.e. whenever a file come a script should be run that add a <tag>. Then after it is indexed.
How can achieve through python script?
Is anything required to install to run the script?
XML File look like :
<?xml version="1.0" encoding="utf-8"?>
<presentation>
<lesson>
<part src="0301p.flv" breadcrumb="This is example text1">
<cuepoints>
<cuepoint time="0:01" preload="priority" tooltip="Demo 3.1(A)" jumpable="yes">
<tween mode="instant" time="1" />
<slide flv="demos/0301d1.flv" demooffsetx="-180" demooffsety="60" type="demo"></slide>
<presenter />
<controls />
</cuepoint>
</cuepoints>
</part>
</lesson>
</presentation>
I need to add <date>...</date> just below <presentation> tag.
I have no idea how will i proceed?
Regards,
Aditya
You can write python script, but I wouldn't tie it to Splunk Index process. You need to tie it to the Process/script which puts the file in there.
Writing the script is straightforward. Create it as you would any stand-alone python program with the understanding that everything written to stdout will be indexed by Splunk. You could have the script read a file line-by-line and write the lines to stdout with your extra line added at the proper place.
I don't know how to have the script execute whenever a new file arrives. The best I can think of is to create a scripted input that runs at some interval and have the script search for new files that have arrived since the last interval.