Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure scripted inputs and check if they are running?

slashnburn
Path Finder
‎08-21-2014 06:02 AM

I have followed some documentation on adding inputs to from scripts, and have the following:

  1. A batch script, which calls my powershell script (running the batch scripts executes the powershell script properly)

  2. .path file located in myapp\bin

    $SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe "D:\Program Files\etc\apps\myapp\bin\mypsscript.ps1"

  3. app.conf file located in myapp\default with stanza

    [script://D:\Program Files\etc\apps\myapp\bin\mypathfile.path]
interval = 50
source = mypsscript.ps1

However, I am not sure how to know whether or not this script is actually running. I don't think it is, because if I search for that source, it doesn't have any results. Is this configured properly? How do I ensure the script kicks off? Do I need to do anything else?

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

slashnburn
Path Finder
‎08-21-2014 11:27 AM

I fixed the problem. To summarize:

  • I removed the batch script, because the .path file essentially does the same thing.
  • I placed the call to the .path file in the input.config file with the parameters I had listed.
  • I placed the .ps1 file and the .path file in the $SPLUNK_HOME\bin\scripts.

Once I realized that the .path file is essentially a one line batch script, I was able to make the call to powershell (must use an explicit path) and then issue the command. Once I knew everything was in the right place, I figured out that I had to include "-file" before making the call to the .ps1 file.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

slashnburn
Path Finder
‎08-21-2014 11:27 AM

I fixed the problem. To summarize:

  • I removed the batch script, because the .path file essentially does the same thing.
  • I placed the call to the .path file in the input.config file with the parameters I had listed.
  • I placed the .ps1 file and the .path file in the $SPLUNK_HOME\bin\scripts.

Once I realized that the .path file is essentially a one line batch script, I was able to make the call to powershell (must use an explicit path) and then issue the command. Once I knew everything was in the right place, I figured out that I had to include "-file" before making the call to the .ps1 file.

0 Karma
Reply
Solved! Jump to solution

strive
Influencer
‎08-21-2014 11:09 AM

I think your script is disabled. Try explicitly setting disabled = 0

[script://.binmypathfile.path]
interval = 50
source = mypsscript.ps
disabled = 0

disabled = false also should work.

You need to restart after making this change

0 Karma
Reply
Solved! Jump to solution

slashnburn
Path Finder
‎08-21-2014 07:22 AM

Actually, after looking, I had this stanza in input.conf:

[script://.\bin\mypathfile.path]
interval = 50
source = mypsscript.ps

0 Karma
Reply
Solved! Jump to solution

slashnburn
Path Finder
‎08-21-2014 07:20 AM

how do I then get the script to run?

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎08-21-2014 07:12 AM

your script stanza should be inside inputs.conf not app.conf

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...