Getting Data In

How to edit my scripted input to collect and index data from scripts installed on forwarders?

monteirolopes
Communicator

Hi,

I created a script input to collect data from scripts installed on forwarders and Splunk is not indexing.

Follow my steps to create a data input:

1.Forwarded inputs » Data inputs » Script » Add new
2.Create a server class.
3.
Script Path: $SPLUNK_HOME\bin\scripts
Command: $SPLUNK_HOME\bin\scripts\script.ps1
Interval: 60.0

Inputs.conf

[script://$SPLUNK_HOME/etc/apps/_server_app_rois/bin/script.ps1]
disabled = false
index = rois
interval = 60.0
sourcetype = rois

Whats wrong with my input?

Best regards,
Lopes.

0 Karma
1 Solution

hunters_splunk
Splunk Employee
Splunk Employee

Hi monteirolopes,

Please make sure that you have properly configured your deployment server and set up forwarder management in your implementation:

  1. On the deployment server, add one or more apps in SPLUNK_HOME/etc/deployment-apps
  2. In the Forwarder Management UI, create one or more server classes
  3. On forwarders, run splunk set deploy-poll Where port is the splunkd port on the deployment server - 8089 is the default
  4. Verify on deployment server:
  5. List of clients phoning home
  6. Deployment status
  7. Verify on forwarders: etc/apps folder for deployed apps

Hope it helps. Thanks!
Hunter Shen

View solution in original post

hunters_splunk
Splunk Employee
Splunk Employee

Hi monteirolopes,

Please make sure that you have properly configured your deployment server and set up forwarder management in your implementation:

  1. On the deployment server, add one or more apps in SPLUNK_HOME/etc/deployment-apps
  2. In the Forwarder Management UI, create one or more server classes
  3. On forwarders, run splunk set deploy-poll Where port is the splunkd port on the deployment server - 8089 is the default
  4. Verify on deployment server:
  5. List of clients phoning home
  6. Deployment status
  7. Verify on forwarders: etc/apps folder for deployed apps

Hope it helps. Thanks!
Hunter Shen

monteirolopes
Communicator
  1. On Deployment Server: E:\Program Files\Splunk\etc\deployment-apps_server_app_roi
  2. Server Class is created: roi
  3. I using Splunk Deployment - Basic
  4. Phone home: a few seconds ago

On forwarder:

C:\Program Files\SplunkUniversalForwarder\etc\apps_server_app_roi

Best regards,

0 Karma

monteirolopes
Communicator

My script was wrong, Now Its work!
Thanks!

0 Karma
Get Updates on the Splunk Community!

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...