
Is there a way to run a script residing in a bin folder of an app located on the universal forwarder via a rest call?

dominiquevocat
Motivator

Is there a way to run a script residing in one of the /bin folders of an app on a universal forwarder via a rest call with some parameters?

Security wise it would need to be only files in an app and not an arbitrary file on the target machine 🙂

0 Karma

renjith_nair
SplunkTrust

Try this. You might need to work around a bit by combining different rest calls.

curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script/restart -d script=/Applications/splunk/bin/scripts/myScript.sh

Reference: http://docs.splunk.com/Documentation/Splunk/6.5.1/RESTREF/RESTinput#data.2Finputs.2Fscript.2Frestart

Happy Splunking!
0 Karma

dominiquevocat
Motivator

Hm, I seem to be able to include a script in /bin of an app and define it as input and launch it remotely using

curl -u admin:changeme https://localhost:8089/servicesNS/nobody/myApp/data/inputs/script/.%5Cbin%5Cmyscript.cmd -k

So that is part of the way. I would like to pass some parameter.

Also the interval poses a problem. For now I use interval = -1 but I am not sure if I can set an interval of 0 for "never"...

0 Karma

renjith_nair
SplunkTrust

Interval 0 makes the script run continuously.

You might need to set disabled=1 if you don't want Splunk to run the script OR set interval to a very high value OR set a cron schedule in the interval so that you can control the execution.

Happy Splunking!
0 Karma
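
The constraint from the question (only files in an app's bin folder, never an arbitrary file on the machine) can be enforced by whatever service relays the REST call before it fills in the script parameter. This is an added example, not part of the thread and not Splunk code: the etc/apps/<app>/bin layout under the Splunk home, the helper names and the constructed sample tree are assumptions, and the URL shape is the one quoted in the first reply.

```python
import os
import tempfile

class ScriptPathError(ValueError):
    """The requested script is not a regular file inside the app's bin directory."""

def resolve_app_script(splunk_home, app, script_name):
    """Return the real path of script_name under <splunk_home>/etc/apps/<app>/bin.

    Rejects absolute paths, ../ traversal and symlinks that lead outside bin.
    """
    # An app is a single directory name, never a path.
    if not app or app in (".", "..") or any(sep in app for sep in "/\\"):
        raise ScriptPathError(f"invalid app name: {app!r}")
    bin_dir = os.path.realpath(os.path.join(splunk_home, "etc", "apps", app, "bin"))
    # realpath collapses ".." and follows symlinks, so the check below sees
    # the file that would really be executed.
    candidate = os.path.realpath(os.path.join(bin_dir, script_name))
    if candidate == bin_dir or os.path.commonpath([bin_dir, candidate]) != bin_dir:
        raise ScriptPathError(f"{script_name!r} resolves outside {bin_dir}")
    if not os.path.isfile(candidate):
        raise ScriptPathError(f"{script_name!r} is not a file in {bin_dir}")
    return candidate

def restart_request(app, script_path, host="localhost:8089"):
    """Build (url, form) for the data/inputs/script/restart call quoted in the thread."""
    url = f"https://{host}/servicesNS/nobody/{app}/data/inputs/script/restart"
    return url, {"script": script_path}

def demo():
    """Constructed sample tree: one app script plus a symlink pointing outside the app."""
    home = tempfile.mkdtemp()
    bin_dir = os.path.join(home, "etc", "apps", "myApp", "bin")
    os.makedirs(bin_dir)
    open(os.path.join(bin_dir, "myscript.sh"), "w").close()
    outside = os.path.join(home, "outside.sh")
    open(outside, "w").close()
    os.symlink(outside, os.path.join(bin_dir, "link.sh"))
    results = {}
    for name in ("myscript.sh", "../../../../outside.sh", outside, "link.sh"):
        try:
            results[name] = restart_request("myApp", resolve_app_script(home, "myApp", name))
        except ScriptPathError:
            results[name] = None  # rejected: no request is built
    return home, results

if __name__ == "__main__":
    for name, req in demo()[1].items():
        print(name, "->", req or "rejected")
```
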