Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do you run a Python script on a universal forwarder before taking input?

yashjain12yj
New Member
‎01-29-2019 02:18 AM

I want to take input from a forwarder, but before that, I want to filter the data with the help of a Python script.

Just like in a normal monitoring option, I used script to monitor a folder; like that, I want to monitor a folder on a box drive, but I want to use a script to pre-filter the data coming to Splunk.

0 Karma
Reply

renjith_nair
Legend
‎01-29-2019 07:04 AM

@yashjain12yj,

You may filter the data using splunk props.conf & transforms.conf instead of scripts .
Reference : Route and filter data

If you still want to alter the data before pushing to splunk, one of the possible solution is

  • Push the logs/files to a staging area
  • Alter the data using python scripts
  • Move the modified file to the location where Splunk monitor is configured.
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and stall ...

Print, Leak, Repeat: UEBA Insider Threats You Can't Ignore

Are you ready to uncover the threats hiding in plain sight? Join us for "Print, Leak, Repeat: UEBA Insider ...

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...