Getting Data In

I see splunk has some ".path" files in windows app bin directory. What are these for?

Splunk Employee
Splunk Employee

The windows app ships with some files that end in .path in the bin directory. How do these work? Is there any particular design goal of these? Can I use this mechanism as a customer?

Tags (2)
1 Solution

Contributor

.path files are an optimization which allows Splunk to run scripted inputs which call other programs outside the BIN directory (e.g. Windows Powershell). The .path file contains the command line you want to execute, including both the program you want to run and its command-line parameters. Think of it like a one-line batch file.

More details:

As a security precaution, Splunk will only execute scripted inputs inside an app's BIN directory. This ensures that, in order to run custom code on a Splunk server, an administrator actually has to copy [or create -ed] a file into an app's BIN directory. However, this makes it hard to execute non-Python scripted inputs (e.g. powershell scripts on windows) since those inputs require running an executable which lives outside the BIN directory.

Of course, you could create a one-line BAT or CMD file (or its *nix equivalent) which would simply launch the desired executable. But that's inefficient-- Splunk would be spinning up a new shell process whose whole purpose in life was immediately starting another program. Furthermore, making things worse, when Splunk shuts down it makes it hard to ensure that the "grandchild" process is shut down too.

For this reason, Splunk offers the .path file option, which functions just like a one-line batch file, but doesn't spin up a new process each time which is better for performance and enables cleaner shutdowns.

View solution in original post

Contributor

.path files are an optimization which allows Splunk to run scripted inputs which call other programs outside the BIN directory (e.g. Windows Powershell). The .path file contains the command line you want to execute, including both the program you want to run and its command-line parameters. Think of it like a one-line batch file.

More details:

As a security precaution, Splunk will only execute scripted inputs inside an app's BIN directory. This ensures that, in order to run custom code on a Splunk server, an administrator actually has to copy [or create -ed] a file into an app's BIN directory. However, this makes it hard to execute non-Python scripted inputs (e.g. powershell scripts on windows) since those inputs require running an executable which lives outside the BIN directory.

Of course, you could create a one-line BAT or CMD file (or its *nix equivalent) which would simply launch the desired executable. But that's inefficient-- Splunk would be spinning up a new shell process whose whole purpose in life was immediately starting another program. Furthermore, making things worse, when Splunk shuts down it makes it hard to ensure that the "grandchild" process is shut down too.

For this reason, Splunk offers the .path file option, which functions just like a one-line batch file, but doesn't spin up a new process each time which is better for performance and enables cleaner shutdowns.

View solution in original post

Super Champion

I got it to work in Linux. (I had forgotten to use the absolute path to my executable. Whoops!) However, this STILL caused a shell (/bin/sh -c) process to be launched. See http://splunk-base.splunk.com/answers/28733/scripted-input-without-a-shell

0 Karma

Splunk Employee
Splunk Employee

think of it as a symbolic link.

0 Karma

Super Champion

Does this work for platforms other than Windows? (For example, on Linux)