Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Scripting with Splunk

akelly4
Path Finder
‎03-20-2015 08:39 AM

I'm trying to setup Splunk so it pulls the IP, hostname, and original install date off of all servers that have the splunk forwarder installed.

I have the command I need to run in order to pull this data systeminfo | findstr /i "Host original IP".

It seems like it should be very simple to set this up just going to settings > data inputs > scripts

Couple of questions. In order to get this to run via the command prompt or powershell how do I add the script in the $SPLUNK_HOME\bin\scripts folder?

Is there anything special I need to take into consideration? I can't find much documentation on this so I was looking for any guidance to get this to work.

Tags (1)
0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎03-20-2015 10:25 AM

Is this the level of detail you are looking for? If you find anything essential missing from this documentation, please use the comment form at the bottom of each page to provide your feedback.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-20-2015 10:36 AM

The think the OP is looking to run a script on each monitored system and have the results reported by the Splunk Forwarder. I'm pretty sure he's going about it the wrong way, but don't know the right way. 😉

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎03-20-2015 12:39 PM

I think that's exactly how you would go about it.

1) create a script that does what you need it to do and writes to stdout (account for platform specifics)
2) package the script in an app as a scripted input, decide how often to run it
3) deploy it to the forwarders (monitored systems) and watch the script results come back into the indexer(s) once the scripts execute

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-20-2015 10:23 AM

Anything you put in $SPLUNK_HOME/bin/scripts runs on the local Splunk server, not on the forwarders.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

akelly4
Path Finder
‎03-20-2015 10:24 AM

Is there a way to set it up so all of the forwarders run the script?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...