Feed inputs as command line argument

the_scissor · ‎06-08-2017

Is it possible to provide inputs to Splunk through command line argument (similar to python for compiling)? Instead of providing the path of the file/directory in inputs.conf, can we provide an input to it using command line argument while running the Splunk binary?
So, if I'll have to search for a string, can I do something like : ./splunk cmd searchtest "string"

inventsekar · ‎06-08-2017

Yes, you can feed inputs using cmd line -
to add a feed of /var/log directory (all files under this directory) -

$SPLUNK_HOME/bin/splunk add monitor /var/log/

internally this command updates the inputs.conf file. editing/updating this config file directly will more options.

https://docs.splunk.com/Documentation/Splunk/6.6.1/Data/Configureyourinputs

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

the_scissor · ‎06-09-2017

Thanks, but that will actually write into the same inputs.conf file and Splunk will be taking inputs from that path. What I was actually asking is whether it is possible to provide an input as command line argument while running the Splunk or not? Like for Python when we compile a file we do $python filename, similarly, can we do something like $splunk filename?

Feed inputs as command line argument

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Join the Conversation

Feed inputs as command line argument

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events