Getting Data In
Highlighted

Scripting with Splunk

Path Finder

I'm trying to setup Splunk so it pulls the IP, hostname, and original install date off of all servers that have the splunk forwarder installed.

I have the command I need to run in order to pull this data systeminfo | findstr /i "Host original IP".

It seems like it should be very simple to set this up just going to settings > data inputs > scripts

Couple of questions. In order to get this to run via the command prompt or powershell how do I add the script in the $SPLUNK_HOME\bin\scripts folder?

Is there anything special I need to take into consideration? I can't find much documentation on this so I was looking for any guidance to get this to work.

Tags (1)
0 Karma
Highlighted

Re: Scripting with Splunk

SplunkTrust
SplunkTrust

Anything you put in $SPLUNK_HOME/bin/scripts runs on the local Splunk server, not on the forwarders.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Highlighted

Re: Scripting with Splunk

Path Finder

Is there a way to set it up so all of the forwarders run the script?

0 Karma
Highlighted

Re: Scripting with Splunk

Splunk Employee
Splunk Employee

Is this the level of detail you are looking for? If you find anything essential missing from this documentation, please use the comment form at the bottom of each page to provide your feedback.

0 Karma
Highlighted

Re: Scripting with Splunk

SplunkTrust
SplunkTrust

The think the OP is looking to run a script on each monitored system and have the results reported by the Splunk Forwarder. I'm pretty sure he's going about it the wrong way, but don't know the right way. 😉

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Highlighted

Re: Scripting with Splunk

Splunk Employee
Splunk Employee

I think that's exactly how you would go about it.

1) create a script that does what you need it to do and writes to stdout (account for platform specifics)
2) package the script in an app as a scripted input, decide how often to run it
3) deploy it to the forwarders (monitored systems) and watch the script results come back into the indexer(s) once the scripts execute

0 Karma