Getting Data In

How to edit my scripted input to collect and index data from scripts installed on forwarders?

monteirolopes
Communicator

Hi,

I created a script input to collect data from scripts installed on forwarders and Splunk is not indexing.

Follow my steps to create a data input:

1.Forwarded inputs » Data inputs » Script » Add new
2.Create a server class.
3.
Script Path: $SPLUNK_HOME\bin\scripts
Command: $SPLUNK_HOME\bin\scripts\script.ps1
Interval: 60.0

Inputs.conf

[script://$SPLUNK_HOME/etc/apps/_server_app_rois/bin/script.ps1]
disabled = false
index = rois
interval = 60.0
sourcetype = rois

Whats wrong with my input?

Best regards,
Lopes.

0 Karma
1 Solution

hunters_splunk
Splunk Employee
Splunk Employee

Hi monteirolopes,

Please make sure that you have properly configured your deployment server and set up forwarder management in your implementation:

  1. On the deployment server, add one or more apps in SPLUNK_HOME/etc/deployment-apps
  2. In the Forwarder Management UI, create one or more server classes
  3. On forwarders, run splunk set deploy-poll Where port is the splunkd port on the deployment server - 8089 is the default
  4. Verify on deployment server:
  5. List of clients phoning home
  6. Deployment status
  7. Verify on forwarders: etc/apps folder for deployed apps

Hope it helps. Thanks!
Hunter Shen

View solution in original post

hunters_splunk
Splunk Employee
Splunk Employee

Hi monteirolopes,

Please make sure that you have properly configured your deployment server and set up forwarder management in your implementation:

  1. On the deployment server, add one or more apps in SPLUNK_HOME/etc/deployment-apps
  2. In the Forwarder Management UI, create one or more server classes
  3. On forwarders, run splunk set deploy-poll Where port is the splunkd port on the deployment server - 8089 is the default
  4. Verify on deployment server:
  5. List of clients phoning home
  6. Deployment status
  7. Verify on forwarders: etc/apps folder for deployed apps

Hope it helps. Thanks!
Hunter Shen

monteirolopes
Communicator
  1. On Deployment Server: E:\Program Files\Splunk\etc\deployment-apps_server_app_roi
  2. Server Class is created: roi
  3. I using Splunk Deployment - Basic
  4. Phone home: a few seconds ago

On forwarder:

C:\Program Files\SplunkUniversalForwarder\etc\apps_server_app_roi

Best regards,

0 Karma

monteirolopes
Communicator

My script was wrong, Now Its work!
Thanks!

0 Karma
Get Updates on the Splunk Community!

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...

Use ‘em or lose ‘em | Splunk training units do expire

Whether it’s hummus, a ham sandwich, or a human, almost everything in this world has an expiration date. And, ...