I have a script containing ip and value.
Know to get the logs i need to add this sample.out file to splunk like
/opt/splunkforwarder/bin/splunk add monitor sample.out.
Then i the files will comes into splunk..
But the problem is i want that script to be run everyone one hour..everytime adding that output file to splunk is not a good idea..Is there any way to schedule automatically or monitor that output file all the time...
Can anyone help me...
You can run this script as a scripted input that kicks off on a given cron schedule. Or, if you've scheduled this script to run locally and write to sample.out as you indicated you can have Splunk read sample.out using a monitor input stanza.
"/opt/splunkforwarder/bin/splunk add monitor filename"
i want to avoid this above thing everytime.
can you give me the correct solution
Are you saying you want to add it once, and never again?
Or are you saying you want the new data to be loaded every hour when it runs?
Yes..I want to add that script output file sample.out once to the splunk path...
I want to avoid this thing
"/opt/splunkforwarder/bin/splunk add monitor sample.out"..
Splunk has to monitor changes in that outfile automatically
Splunk will automatically monitor changes in that outfile automatically!
You can either append data to the file, or create a new file each time, but Splunk will get updates made to it. You just need to use a monitor clause that you've already done with that add monitor command (check etc\system\local\inputs.conf, it should be listed there).
Add the following to etc\system\local\inputs.conf