Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Architecture specific scripts (linux/windows)

ralphmct
Path Finder
‎10-17-2013 03:31 AM

I've been trying to get my data input Python script to work on both Windows and Linux but I've run into a problem with inputs.conf

It seems that with Splunk 6 I can have forward slashes in my script path in Windows but Splunk 5 doesn't like the forward slashes. I know I could easily change the forward slashes to back slashes but then it won't work in Linux! I want to support both Linux and Windows in both Splunk 5 and 6 and I want my data input enabled by default (i.e. not have the user choose which OS he is on.

One solution I thought might work would be to have two stanzas in inputs.conf, one with a backslash path and the other with a forward slash path and one will error out while the other works. The problem with this is that Splunk 6 in Windows will run both scripts because it isn't as picky about separators.

I also had a look at: http://docs.splunk.com/Documentation/Splunk/6.0/AdvancedDev/ModInputsScripts#Architecture-specific_s... which mentions having different folders (Windowsx86, Linux x86, etc) with a bin folder in each that contains my script. The issue with this is it doesn't mention what I should put in my inputs.conf stanza, assuming I could just have one. I tried [script://MYSCRIPT.py] but that didn't work.

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jtrucks
Splunk Employee
Splunk Employee
‎10-19-2013 10:11 AM

The docs for inputs.conf say:

Script path can be an absolute path, make use of an environment variable such as $SPLUNK_HOME, or use the special pattern of an initial '.' as the first directory to indicate a location inside the current app. Note that the '.' must be followed by a platform-specific directory separator.

I believe you may need to have separate entries per platform. However, you could see if input paths with wildcards helps with this.

--
Jesse Trucks
Minister of Magic

View solution in original post

Reply
Solved! Jump to solution
Solution

jtrucks
Splunk Employee
Splunk Employee
‎10-19-2013 10:11 AM

The docs for inputs.conf say:

Script path can be an absolute path, make use of an environment variable such as $SPLUNK_HOME, or use the special pattern of an initial '.' as the first directory to indicate a location inside the current app. Note that the '.' must be followed by a platform-specific directory separator.

I believe you may need to have separate entries per platform. However, you could see if input paths with wildcards helps with this.

--
Jesse Trucks
Minister of Magic
Reply
Solved! Jump to solution

ralphmct
Path Finder
‎11-12-2013 03:40 AM

I went for separate entries per platform in the end though the docs on wildcards were interesting and could prove useful for other scenarios

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...