Getting Data In

How to troubleshoot why my scripted input on Solaris is not working?



Not really a SunOS guy, so might be missing something fundamental. I wrote the script I need, and it runs fine as the user I expect it to. Splunk is root and running as root.

Here I have a simple script that echoes out some system information for our Splunk ES demo.


ip=`/usr/sbin/ifconfig -a | grep -i inet | grep -i 10 | awk '{print $2}'`
mac=`/usr/sbin/ifconfig -a | grep -i ether | head -n 1 | awk '{print $2}'`
dns=`nslookup $ip | grep -i name | awk '{print $4}'`

# Lat and long work - default

# if sjr override the above with sjr lat and long
# ("=" with a quoted variable is the portable form for sh's test)
if [ "$datacenter" = "sjr" ]; then
    : # sjr lat/long assignments are not shown in the post
fi

echo "ip=$ip, mac=$mac, nt_host=$nt_host, dns=$dns, owner=$owner, owner_email=$owner_email, owner_DL=$owner_DL, priority=high,lat=$lat,long=$long,city=\"Las Vegas\", country=US, bunit=operations, category=cardholder, pci_domain=\"trust|cardholder\", is_expected=true, should_timesync=true, should_update=true, requires_av=false"

and here is the inputs.conf:


This script executes when run locally. I also verified the app runs fine on a Linux machine. I am getting other data from this forwarder. At this point I am out of ideas as to why this scripted input is failing.

0 Karma


Hi daniel333,

Where do you put the script? From my experience so far, you can only use a relative path (like your configuration) in inputs.conf when you put the script within the bin folder and specify the inputs.conf in your own app. If you put your script elsewhere, you need to use an absolute path to the script.

0 Karma


Have you looked in the Splunk logs on that server to see if there are any errors? Is it trying to run the script at all?

Do you have other scripted inputs on the server too? If not, it might not hurt to try to dumb this down to maybe just an echo to see if you can get that to index.

0 Karma


If the script is placed in the bin folder as specified here, then the only difference might be that you are referring to a relative path to the script in your inputs.conf stanza. The documentation mentions using the absolute/full path to the script in the Syntax section. Can you try changing to the full path and see if it works?

Also check that there are no execute permission issues by trying chmod 755 absolutepath_to_script to resolve execute permission related issues (if any).

0 Karma
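The checks suggested in the replies (absolute path, execute permission, whether the script runs at all, errors in the Splunk logs), collected into one POSIX sh helper. This is an added example, not code from the thread; the function names, the return codes and the stripped-environment run are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a scripted input.
# Return codes are this example's own convention:
#   0 ok, 1 not an absolute path, 2 missing, 3 not executable,
#   4 no "#!" line, 5 non-zero exit, 6 ran but printed nothing
check_scripted_input() {
    script=$1
    case $script in
        /*) ;;
        *) echo "not an absolute path: $script"; return 1 ;;
    esac
    [ -f "$script" ] || { echo "missing: $script"; return 2; }
    [ -x "$script" ] || { echo "not executable (chmod 755): $script"; return 3; }

    # Without an interpreter line the script does not choose its own shell,
    # and sh implementations differ between Solaris and Linux.
    first=
    IFS= read -r first < "$script" || :
    case $first in
        '#!'*) ;;
        *) echo "no #! interpreter line: $script"; return 4 ;;
    esac

    # Assumption: a forwarder started at boot does not inherit the login
    # environment of an interactive user, so run with a stripped one.
    out=$(env -i PATH=/usr/bin:/bin "$script" 2>&1) || {
        echo "exit status $? under minimal environment: $out"; return 5; }
    [ -n "$out" ] || { echo "ran but printed nothing: $script"; return 6; }
    echo "ok: $script"
}

# Print the ExecProcessor lines in splunkd.log that mention the script.
exec_log_lines() {   # $1 = path to splunkd.log, $2 = script name
    grep 'ExecProcessor' "$1" | grep -F -- "$2"
}

if [ $# -gt 0 ]; then
    check_scripted_input "$1"
fi
```

Run it as the account splunkd runs under, passing the full path to the script; `exec_log_lines` expects the forwarder's `var/log/splunk/splunkd.log`.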