I have a working scripted input using the first method below, however I'm wanting to get rid of the hard coding of SPLUNK_HOME and make it dynamic as sometimes Splunk is installed in different locations. I tried 3 different dynamic variations which all fail with the following message in the splunkd.log:
ERROR ExecProcessor - message from ""C:\Program Files\Splunk\etc\apps\TA-btool-Win\bin\TA-btool.bat"" The filename, directory name, or volume label syntax is incorrect.
.bat file below
#TA-btool.bat
# working, however, using a hard coded path
"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" btool --debug outputs list
# fails
"%SPLUNK_HOME%\bin\splunk.exe" btool --debug outputs list
# fails
"$SPLUNK_HOME\bin\splunk.exe" btool --debug outputs list
# fails
"..\..\..\..\bin\splunk.exe" btool --debug outputs list
inputs.conf file below
[script://.\bin\TA-btool.bat]
disabled = 0
# set index below which will receive events - defaults to main
#index = splunk_admin_p
# every 60 seconds
#interval = 60.0
# every 5 minutes
#interval = 300.0
# every hour
#interval = 3600
# once a day - default
interval = 86400.0
# 15 minutes
#interval = 900
sourcetype = ta_btool
You can alternatively grab my Windows TA/scripted input here:  http://downloads.jordan2000.com/splunk/TA-btool-Win.tgz
and a Linux version which could be used for comparison: http://downloads.jordan2000.com/splunk/TA-btool-Linux.tgz
btw, the Linux .sh version works just fine using $SPLUNK_HOME - I just couldn't solve how to do the equivalent on Windows using a .bat.
I will award Karma points to a working solution for the .bat file
Thanks,
Rob
To load Windows system variables
use %SPLUNK_HOME%
But it does not recognize the blank.
ex) C:\Program Files\Splunk
So we need to change
ex)C:\\"Program Files\"\Splunk
or
You use Windows system variables
ex) set SPLUNK_HOME="C:\Program Files\Splunk"
Double quotes are needed.
I must have had a typo somewhere or possibly had bad statements mixed with good. Ultimately, I got it to work with the following format in my .bat file.
"%SPLUNK_HOME%\bin\splunk.exe" btool --debug inputs list
"%SPLUNK_HOME%\bin\splunk.exe" btool --debug outputs list
"%SPLUNK_HOME%\bin\splunk.exe" btool --debug props list
"%SPLUNK_HOME%\bin\splunk.exe" btool --debug limits list
"%SPLUNK_HOME%\bin\splunk.exe" btool --debug server list
"%SPLUNK_HOME%\bin\splunk.exe" btool --debug web list
"%SPLUNK_HOME%\bin\splunk.exe" btool --debug deploymentclient list
Hi Rob,
In your script, if you change to
REM  This will get the splunk.exe path dynamically within a bat file. 
for /f "delims=" %%a in ('where /r c:\ splunk.exe') do @set SPLUNK_EXE=%%a
REM  Quote the variable: the resolved path usually contains a space (Program Files).
"%SPLUNK_EXE%" btool inputs list --debug
"%SPLUNK_EXE%" btool outputs list --debug
..
and so on for Windows
Another improvement you could make is to provide (inputs, outputs, limits, props) as a list and call them in a for loop within the .bat file,
something like below
REM  FOR variables in a .bat file must be a single letter, written as %%c
FOR %%c IN (inputs outputs limits props) DO (
 "%SPLUNK_EXE%" btool %%c list --debug
)
Thanks for the ideas, @koshyk. The where command seems fairly intense on my Windows workstation CPU to recursively look for splunk.exe so I don't think I could push out to the Universal Forwarders on Windows servers.
Hi @rob_jordan,
Make sure you've defined %SPLUNK_HOME% as a variable on your Windows or you won't be able to use it from a .bat script since it's actually a Splunk defined variable:
https://stackoverflow.com/questions/5898131/set-a-persistent-environment-variable-from-cmd-exe
If you want to use a relative path as follows ..\..\..\..\bin\splunk.exe my advice is to output an ls from the script and see if you are hitting the right folder.
Cheers,
David
Thanks for your suggestions, @DavidHourani. Should %SPLUNK_HOME% already be set by the parent process since this is a process being spawned as a scripted input by either Splunk or the Splunk Universal Forwarder?
Hi @rob_jordan, no, it won't be inherited for scripted inputs 😞 Did you get any info about the path using echo on the different commands you were using?
BTW, on Linux it does seem to have $SPLUNK_HOME available to it. It may very well be different on Windows. I was able to add the following statement to my .bat file.
echo %SPLUNK_HOME%
and it did return back a valid value.
The following showed up in the event indexed by Splunk.
C:\WINDOWS\system32>echo C:\Program Files\Splunk 
C:\Program Files\Splunk
This leads me to think that I have a minor issue with surrounding the command or portions of the command with double or single quotes, etc. so it's properly interpreted at run time.
Thanks,
Rob
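An added example, not code from any poster in this thread: a .bat that uses %SPLUNK_HOME% when it is set and otherwise resolves splunk.exe relative to the script's own folder with %~dp0, because the echo output above shows the script running with C:\WINDOWS\system32 as its working directory. It assumes the app layout from the error message (etc\apps\TA-btool-Win\bin under the Splunk install directory).

```batch
@echo off
setlocal EnableExtensions
REM Added example, not from the thread. Assumes this script is installed at
REM <Splunk install dir>\etc\apps\TA-btool-Win\bin\TA-btool.bat

REM 1) Prefer SPLUNK_HOME when the parent process has set it.
set "SPLUNK_EXE="
if defined SPLUNK_HOME set "SPLUNK_EXE=%SPLUNK_HOME%\bin\splunk.exe"

REM 2) Otherwise build the path from this script's own folder (%~dp0).
REM    A bare ..\..\..\..\bin\splunk.exe is resolved against the working
REM    directory (C:\WINDOWS\system32 in the echo test), not the script folder.
if not defined SPLUNK_EXE set "SPLUNK_EXE=%~dp0..\..\..\..\bin\splunk.exe"

REM Collapse the ..\ segments into one absolute path.
for %%I in ("%SPLUNK_EXE%") do set "SPLUNK_EXE=%%~fI"

REM Stop if the resolved path does not exist. The message goes to stderr,
REM which surfaces in splunkd.log as an ExecProcessor message.
if not exist "%SPLUNK_EXE%" (
    echo ERROR: splunk.exe not found at "%SPLUNK_EXE%" 1>&2
    exit /b 1
)

REM Quote the executable on every call: the install path normally contains
REM a space (Program Files). Only the fixed path above is ever executed,
REM never a splunk.exe discovered by searching the disk.
for %%c in (inputs outputs props limits server web deploymentclient) do (
    "%SPLUNK_EXE%" btool --debug %%c list
)
endlocal
```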
