How do you run a Python script on a universal forw...

yashjain12yj · ‎01-29-2019

I want to take input from a forwarder, but before that, I want to filter the data with the help of a Python script.

Just like in a normal monitoring option, I used script to monitor a folder; like that, I want to monitor a folder on a box drive, but I want to use a script to pre-filter the data coming to Splunk.

renjith_nair · ‎01-29-2019

@yashjain12yj,

You may filter the data using splunk props.conf & transforms.conf instead of scripts .
Reference : Route and filter data

If you still want to alter the data before pushing to splunk, one of the possible solution is

Push the logs/files to a staging area
Alter the data using python scripts
Move the modified file to the location where Splunk monitor is configured.

---
What goes around comes around. If it helps, hit it with Karma 🙂

How do you run a Python script on a universal forwarder before taking input?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

How do you run a Python script on a universal forwarder before taking input?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem