Getting Data In

How do I capture the output of a script from a scripted input?

daniel333
Builder

All,

I have a script which I'd like to capture the output from. I assumed that as long as I had it started by my splunkforwarder with an interval=0 it would run for ever and capture anything the script generates. But doesn't appear so.

[script://./bin/spidertrap.py]
  interval = 0
  index = main
  sourcetype = spidertrap
  source = spidertrap.py
  disabled = 0

The script source can be found here -
https://github.com/omarkhan/spidertrap/blob/master/spidertrap.py

I've verified that Splunk is running the script. If I run the script directly I get output to the console I expect.

Any ideas?

Tags (3)
0 Karma

somesoni2
Revered Legend

Try to use print function to print your data to stdout which Splunk reads. See this for reference. https://sublimerobots.com/2017/01/simple-splunk-scripted-input-example/

0 Karma

daniel333
Builder

Interestingly enough not picking up anything from a print either.

0 Karma

efavreau
Motivator

Not seeing print in your github source. Borrowing from SO: https://stackoverflow.com/questions/7152762/how-to-redirect-print-output-to-a-file-using-python#7152...

with open('out.txt', 'w') as f:
    print >> f, 'Filename:', filename     # Python 2.x
    print('Filename:', filename, file=f)  # Python 3.x
###

If this reply helps you, an upvote would be appreciated.
0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...