bash-4.1# cat test_script
#!/bin/bash
sudo -H -u splunk bash -c '/opt/splunk/bin/splunk add oneshot /opt/splunk/etc/system/local/log_dir/log_file* -index test -sourcetype test_log -auth admin:pass'
This shell script is set to a cronjob. It works perfectly for the first couple of cron schedules, then stops working. When I try to run it manually, I get a “login failed” error. I believe this is due to security features on the server don’t like the plane text password.
Is it possible to disable login & password authentication for the oneshot command so the shell script can execute? Otherwise, what other options do I have. Thanks for your help in advance.
OS – REDHAT 6
SPLUNK VERSION – 7.0.1
why oneshot every time? cant you monitor the file path / directories with inputs.conf?
also, looks like you are trying to check changes in your .../etc/system/local/...
files to monitor changes.
there are easier ways to do so, for example: use | rest ...
commands to bring the relevant results, put them in a summary index and check changes, copy the structure of folders to another place, for example: /tmp
and run diff
command and send output to splunk via scripted input, etc ...
hope it helps