- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- How to configure scripted inputs and check if they...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have followed some documentation on adding inputs to from scripts, and have the following:
- A batch script, which calls my powershell script (running the batch scripts executes the powershell script properly)
.path file located in
myapp\bin$SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe "D:\Program Files\etc\apps\myapp\bin\mypsscript.ps1"app.conf file located in myapp\default with stanza
[script://D:\Program Files\etc\apps\myapp\bin\mypathfile.path] interval = 50 source = mypsscript.ps1
However, I am not sure how to know whether or not this script is actually running. I don't think it is, because if I search for that source, it doesn't have any results. Is this configured properly? How do I ensure the script kicks off? Do I need to do anything else?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I fixed the problem. To summarize:
- I removed the batch script, because the .path file essentially does the same thing.
- I placed the call to the .path file in the input.config file with the parameters I had listed.
- I placed the .ps1 file and the
.path file in the
$SPLUNK_HOME\bin\scripts.
Once I realized that the .path file is essentially a one line batch script, I was able to make the call to powershell (must use an explicit path) and then issue the command. Once I knew everything was in the right place, I figured out that I had to include "-file" before making the call to the .ps1 file.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I fixed the problem. To summarize:
- I removed the batch script, because the .path file essentially does the same thing.
- I placed the call to the .path file in the input.config file with the parameters I had listed.
- I placed the .ps1 file and the
.path file in the
$SPLUNK_HOME\bin\scripts.
Once I realized that the .path file is essentially a one line batch script, I was able to make the call to powershell (must use an explicit path) and then issue the command. Once I knew everything was in the right place, I figured out that I had to include "-file" before making the call to the .ps1 file.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think your script is disabled. Try explicitly setting disabled = 0
[script://.binmypathfile.path]
interval = 50
source = mypsscript.ps
disabled = 0
disabled = false also should work.
You need to restart after making this change
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Actually, after looking, I had this stanza in input.conf:
[script://.\bin\mypathfile.path]
interval = 50
source = mypsscript.ps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how do I then get the script to run?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
your script stanza should be inside inputs.conf not app.conf
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
