Getting Data In

Architecture specific scripts (linux/windows)

ralphmct
Path Finder

I've been trying to get my data input Python script to work on both Windows and Linux but I've run into a problem with inputs.conf

It seems that with Splunk 6 I can have forward slashes in my script path in Windows but Splunk 5 doesn't like the forward slashes. I know I could easily change the forward slashes to back slashes but then it won't work in Linux! I want to support both Linux and Windows in both Splunk 5 and 6 and I want my data input enabled by default (i.e. not have the user choose which OS he is on.

One solution I thought might work would be to have two stanzas in inputs.conf, one with a backslash path and the other with a forward slash path and one will error out while the other works. The problem with this is that Splunk 6 in Windows will run both scripts because it isn't as picky about separators.

I also had a look at: http://docs.splunk.com/Documentation/Splunk/6.0/AdvancedDev/ModInputsScripts#Architecture-specific_s... which mentions having different folders (Windowsx86, Linux x86, etc) with a bin folder in each that contains my script. The issue with this is it doesn't mention what I should put in my inputs.conf stanza, assuming I could just have one. I tried [script://MYSCRIPT.py] but that didn't work.

Thanks

0 Karma
1 Solution

jtrucks
Splunk Employee
Splunk Employee

The docs for inputs.conf say:

Script path can be an absolute path, make use of an environment variable such as $SPLUNK_HOME, or use the special pattern of an initial '.' as the first directory to indicate a location inside the current app. Note that the '.' must be followed by a platform-specific directory separator.

I believe you may need to have separate entries per platform. However, you could see if input paths with wildcards helps with this.

--
Jesse Trucks
Minister of Magic

View solution in original post

jtrucks
Splunk Employee
Splunk Employee

The docs for inputs.conf say:

Script path can be an absolute path, make use of an environment variable such as $SPLUNK_HOME, or use the special pattern of an initial '.' as the first directory to indicate a location inside the current app. Note that the '.' must be followed by a platform-specific directory separator.

I believe you may need to have separate entries per platform. However, you could see if input paths with wildcards helps with this.

--
Jesse Trucks
Minister of Magic

ralphmct
Path Finder

I went for separate entries per platform in the end though the docs on wildcards were interesting and could prove useful for other scenarios

0 Karma
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...