Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to edit my scripted input to collect and index data from scripts installed on forwarders?

monteirolopes
Communicator
‎10-11-2016 10:04 AM

Hi,

I created a script input to collect data from scripts installed on forwarders and Splunk is not indexing.

Follow my steps to create a data input:

1.Forwarded inputs » Data inputs » Script » Add new
2.Create a server class.
3.
Script Path: $SPLUNK_HOME\bin\scripts
Command: $SPLUNK_HOME\bin\scripts\script.ps1
Interval: 60.0

Inputs.conf

[script://$SPLUNK_HOME/etc/apps/_server_app_rois/bin/script.ps1]
disabled = false
index = rois
interval = 60.0
sourcetype = rois

Whats wrong with my input?

Best regards,
Lopes.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hunters_splunk
Splunk Employee
Splunk Employee
‎10-11-2016 10:13 AM

Hi monteirolopes,

Please make sure that you have properly configured your deployment server and set up forwarder management in your implementation:

  1. On the deployment server, add one or more apps in SPLUNK_HOME/etc/deployment-apps
  2. In the Forwarder Management UI, create one or more server classes
  3. On forwarders, run splunk set deploy-poll Where port is the splunkd port on the deployment server - 8089 is the default
  4. Verify on deployment server:
  5. List of clients phoning home
  6. Deployment status
  7. Verify on forwarders: etc/apps folder for deployed apps

Hope it helps. Thanks!
Hunter Shen

View solution in original post

Reply
Solved! Jump to solution
Solution

hunters_splunk
Splunk Employee
Splunk Employee
‎10-11-2016 10:13 AM

Hi monteirolopes,

Please make sure that you have properly configured your deployment server and set up forwarder management in your implementation:

  1. On the deployment server, add one or more apps in SPLUNK_HOME/etc/deployment-apps
  2. In the Forwarder Management UI, create one or more server classes
  3. On forwarders, run splunk set deploy-poll Where port is the splunkd port on the deployment server - 8089 is the default
  4. Verify on deployment server:
  5. List of clients phoning home
  6. Deployment status
  7. Verify on forwarders: etc/apps folder for deployed apps

Hope it helps. Thanks!
Hunter Shen

View solution in original post

Reply
Solved! Jump to solution

monteirolopes
Communicator
‎10-11-2016 10:35 AM
  1. On Deployment Server: E:\Program Files\Splunk\etc\deployment-apps_server_app_roi
  2. Server Class is created: roi
  3. I using Splunk Deployment - Basic
  4. Phone home: a few seconds ago

On forwarder:

C:\Program Files\SplunkUniversalForwarder\etc\apps_server_app_roi

Best regards,

0 Karma
Reply
Solved! Jump to solution

monteirolopes
Communicator
‎10-11-2016 12:21 PM

My script was wrong, Now Its work!
Thanks!

0 Karma
Reply
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Get Updates on the Splunk Community!