Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Input Script as a Data to Index the same in Splunk

anandhalagarasa
Path Finder
‎06-21-2017 07:00 AM

We got an requirement to input data via script and I am new to it. so how to achieve it.

So how to achieve it...

Tags (1)
0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎06-21-2017 11:35 AM

Create a shell script:

touch ssecls_executer.sh
chmod +x ssecls_executer.sh

Paste this into the shell script: 

#!/usr/bin/env bash
/opt/SYMCScan/ssecls/ssecls -server 127.0.0.1 /bin/ls

Copy the shell script to a bin folder in a splunk app of your choice

mkdir /opt/splunk/etc/apps/MyAPP
mkdir /opt/splunk/etc/apps/MyAPP/bin
cp ssecls_executer.sh /opt/splunk/etc/apps/MyAPP/bin

Make an inputs.conf that runs the script:

mkdir /opt/splunk/etc/apps/MyAPP/default
touch /opt/splunk/etc/apps/MyAPP/default/inputs.conf

Paste this into the inputs.conf:

[script:///opt/splunk/etc/apps/MyApp/bin/ssecls_executer.sh]
interval = 60 # OR whatever interval in seconds / cron schedule you want to execute on (see inputs.conf documentation)
index = indexName
sourcetype = ssecls_executer
source = ssecls_executer.sh

Restart splunk and profit.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...