I have to monitor a directory which contains XML file.
I need to add an additional <tag> in xml file whenever a new file comes and before file is indexed by splunk.
i.e. whenever a file come a script should be run that add a <tag>. Then after it is indexed.
How can achieve through python script?
Is anything required to install to run the script?
XML File look like :
<?xml version="1.0" encoding="utf-8"?> <presentation> <lesson> <part src="0301p.flv" breadcrumb="This is example text1"> <cuepoints> <cuepoint time="0:01" preload="priority" tooltip="Demo 3.1(A)" jumpable="yes"> <tween mode="instant" time="1" /> <slide flv="demos/0301d1.flv" demooffsetx="-180" demooffsety="60" type="demo"></slide> <presenter /> <controls /> </cuepoint> </cuepoints> </part> </lesson> </presentation> I need to add <date>...</date> just below <presentation> tag.
I have no idea how will i proceed?
Writing the script is straightforward. Create it as you would any stand-alone python program with the understanding that everything written to stdout will be indexed by Splunk. You could have the script read a file line-by-line and write the lines to stdout with your extra line added at the proper place.
I don't know how to have the script execute whenever a new file arrives. The best I can think of is to create a scripted input that runs at some interval and have the script search for new files that have arrived since the last interval.
You can write python script, but I wouldn't tie it to Splunk Index process. You need to tie it to the Process/script which puts the file in there.