I'm trying to set up Splunk so it pulls the IP, hostname, and original install date off of all servers that have the Splunk forwarder installed.
I have the command I need to run in order to pull this data: systeminfo | findstr /i "Host original IP".
It seems like it should be very simple to set this up just going to settings > data inputs > scripts.
Couple of questions. In order to get this to run via the command prompt or PowerShell, how do I add the script in the $SPLUNK_HOME\bin\scripts folder?
Is there anything special I need to take into consideration? I can't find much documentation on this so I was looking for any guidance to get this to work.
Anything you put in $SPLUNK_HOME/bin/scripts runs on the local Splunk server, not on the forwarders.
I think the OP is looking to run a script on each monitored system and have the results reported by the Splunk Forwarder. I'm pretty sure he's going about it the wrong way, but don't know the right way. 😉
I think that's exactly how you would go about it.
1) create a script that does what you need it to do and writes to stdout (account for platform specifics)
2) package the script in an app as a scripted input, decide how often to run it
3) deploy it to the forwarders (monitored systems) and watch the script results come back into the indexer(s) once the scripts execute
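
The three steps above as a minimal scripted-input app for Windows forwarders, added here as an example and not written by anyone in the thread. The app name sysinfo_inventory, the file name sysinfo.bat, the sourcetype and the daily interval are assumptions.

```ini
# Assumed app layout (all names are hypothetical):
#
#   sysinfo_inventory\
#       bin\sysinfo.bat
#       default\inputs.conf      <- this file
#
# Step 1: bin\sysinfo.bat wraps the command from the question and
# writes its result to stdout, which is what the forwarder collects:
#
#   @echo off
#   systeminfo | findstr /i "Host original IP"
#
# Step 2: the stanza below registers that script as a scripted input.
# The path is relative to the app directory on the forwarder.
[script://.\bin\sysinfo.bat]
disabled = 0
# Seconds between runs. Hostname, IP and install date change rarely,
# so once a day (86400 s) is assumed to be enough.
interval = 86400
# Constructed sourcetype name, used to find these events at search time.
sourcetype = win:sysinfo
# No index is set here, so events go to the default index.
#
# Step 3: copy the sysinfo_inventory folder to
# $SPLUNK_HOME\etc\apps\ on each forwarder, or, if a deployment
# server is in use, to $SPLUNK_HOME\etc\deployment-apps\ there and
# map it to the forwarders with a server class.
```

The script runs under the account of the forwarder service, so the app's bin folder should be writable only by administrators.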