Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to run batch file in splunk ?

shannu1241
New Member
‎06-04-2015 04:50 PM

I have a batch file named "testbatch.bat" and its content are as follows:

@echo off
@echo This is a test> test.txt
@echo 123>> test.txt
@echo 245.67>> test.txt

I have kept this under $SPLUNK_HOME\etc\system\bin

and changed the inputs.conf file to :

[script://$SPLUNK_HOME\etc\system\bin\testbatch.bat]
disabled = 0
index = main

[monitor://$SPLUNK_HOME\etc\system\bin\test.txt]
disabled = 0
index = main

But i dont see any data being indexed to main. I also cannot see "test.txt" being created under \etc\system\bin i.e batch file is not being executed,

Can the splunk experts help me out !!! My requirement is to run a batch file every 1 minute and index the output to main indexer.

Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎06-04-2015 08:18 PM

Hi shaunnu1241,

I tested it with this script in $SPLUNK_HOME\bin\scripts

foo.bat
    echo This is a test > "C:\Program Files\Splunk\var\log\splunk\test.txt"
    echo 123 >> "C:\Program Files\Splunk\var\log\splunk\test.txt"
    echo 245.67 >> "C:\Program Files\Splunk\var\log\splunk\test.txt"

and it works by running it like C:\Program Files\Splunk\bin>splunk.exe cmd scripts\foo.bat the result in "C:\Program Files\Splunk\var\log\splunk\test.txt" looks like this:

This is a test 
123 
245.67

Using it as scripted input running each 60 seconds works as well if using this inputs.conf

[script://$SPLUNK_HOME\bin\scripts\foo.bat]
disabled = false
interval = 10
sourcetype = foo

cheers, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
Legend
‎06-04-2015 08:18 PM

Hi shaunnu1241,

I tested it with this script in $SPLUNK_HOME\bin\scripts

foo.bat
    echo This is a test > "C:\Program Files\Splunk\var\log\splunk\test.txt"
    echo 123 >> "C:\Program Files\Splunk\var\log\splunk\test.txt"
    echo 245.67 >> "C:\Program Files\Splunk\var\log\splunk\test.txt"

and it works by running it like C:\Program Files\Splunk\bin>splunk.exe cmd scripts\foo.bat the result in "C:\Program Files\Splunk\var\log\splunk\test.txt" looks like this:

This is a test 
123 
245.67

Using it as scripted input running each 60 seconds works as well if using this inputs.conf

[script://$SPLUNK_HOME\bin\scripts\foo.bat]
disabled = false
interval = 10
sourcetype = foo

cheers, MuS

Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 06:49 PM

Your inputs.conf is missing an interval to run the script:

interval = [<number>|<cron schedule>]
* How often to execute the specified command (in seconds), or a valid cron schedule. 
* NOTE: when a cron schedule is specified, the script is not executed on start-up.
* If specified as a number, may have a fractional component; e.g., 3.14
* Splunk's cron implementation does not currently support names of months/days.
* Defaults to 60.0 seconds.
* The special value 0 will force this scripted input to be executed non-stop; that is, as soon as script exits, we shall re-start it.
0 Karma
Reply
Solved! Jump to solution

shannu1241
New Member
‎06-04-2015 06:52 PM

i added and tried with interval = 60 but didnt work.

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 06:56 PM

Also, take a look at $SPLUNK_HOME\var\log\splunk\splunkd.log, it should tell you if the script is executing or not. Also run $SPLUNK_HOME\bin\splunk cmd btool inputs list to see if you can find your script listed, as this will indicate if the configuration is correct.

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 07:01 PM

Another hint, place your script into $SPLUNK_HOME/bin/scripts and try to run it like $SPLUNK_HOME/bin/splunk cmd yourscript.bat

Reply
Solved! Jump to solution

shannu1241
New Member
‎06-04-2015 07:12 PM

I have placed my script under $SPLUNK_HOME/bin/scripts but how to run it..? Can you elaborate pls.

Do i need to change anything in inputs.conf file??

Pls help me.. i am new to splunk..

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 07:13 PM

cd $SPLUNK_HOME/bin/scripts
$SPLUNK_HOME/bin/splunk cmd yourscript.bat

0 Karma
Reply
Solved! Jump to solution

shannu1241
New Member
‎06-04-2015 07:15 PM

i need that script to be run every 1 minutes automatically, how can i achieve that?

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 07:18 PM

like I said before, add interval = 60 to your inputs.conf or configure it in the UI http://docs.splunk.com/Documentation/Splunk/6.2.3/Data/Scripts

0 Karma
Reply
Solved! Jump to solution

shannu1241
New Member
‎06-04-2015 07:22 PM

tried .. but same result..

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 07:28 PM

is your script running at all if you do this $SPLUNK_HOME/bin/splunk cmd yourscript.bat in the directory where the script is? I must admit, I have no Windows Splunk handy and cannot test anything.

0 Karma
Reply
Solved! Jump to solution

shannu1241
New Member
‎06-04-2015 07:36 PM

when i double click on bat file its running.

But when i use cmd prompt to run :

c:\Program Files\Splunk\bin>splunk cmd test1.bat

its not showing anything.. my doubt is if the script is in scripts how will it run from bin??

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...