Getting Data In

How to configure scripted inputs and check if they are running?

slashnburn
Path Finder

I have followed some documentation on adding inputs to from scripts, and have the following:

  1. A batch script, which calls my powershell script (running the batch scripts executes the powershell script properly)
  2. .path file located in myapp\bin

    $SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe "D:\Program Files\etc\apps\myapp\bin\mypsscript.ps1"
    
  3. app.conf file located in myapp\default with stanza

    [script://D:\Program Files\etc\apps\myapp\bin\mypathfile.path]
    interval = 50
    source = mypsscript.ps1
    

However, I am not sure how to know whether or not this script is actually running. I don't think it is, because if I search for that source, it doesn't have any results. Is this configured properly? How do I ensure the script kicks off? Do I need to do anything else?

Tags (3)
0 Karma
1 Solution

slashnburn
Path Finder

I fixed the problem. To summarize:

  • I removed the batch script, because the .path file essentially does the same thing.
  • I placed the call to the .path file in the input.config file with the parameters I had listed.
  • I placed the .ps1 file and the .path file in the $SPLUNK_HOME\bin\scripts.

Once I realized that the .path file is essentially a one line batch script, I was able to make the call to powershell (must use an explicit path) and then issue the command. Once I knew everything was in the right place, I figured out that I had to include "-file" before making the call to the .ps1 file.

View solution in original post

0 Karma

slashnburn
Path Finder

I fixed the problem. To summarize:

  • I removed the batch script, because the .path file essentially does the same thing.
  • I placed the call to the .path file in the input.config file with the parameters I had listed.
  • I placed the .ps1 file and the .path file in the $SPLUNK_HOME\bin\scripts.

Once I realized that the .path file is essentially a one line batch script, I was able to make the call to powershell (must use an explicit path) and then issue the command. Once I knew everything was in the right place, I figured out that I had to include "-file" before making the call to the .ps1 file.

0 Karma

strive
Influencer

I think your script is disabled. Try explicitly setting disabled = 0

[script://.binmypathfile.path]
interval = 50
source = mypsscript.ps
disabled = 0

disabled = false also should work.

You need to restart after making this change

0 Karma

slashnburn
Path Finder

Actually, after looking, I had this stanza in input.conf:

[script://.\bin\mypathfile.path]
interval = 50
source = mypsscript.ps

0 Karma

slashnburn
Path Finder

how do I then get the script to run?

0 Karma

MuS
SplunkTrust
SplunkTrust

your script stanza should be inside inputs.conf not app.conf

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...