Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Scripting with Splunk

akelly4
Path Finder
‎03-20-2015 08:39 AM

I'm trying to setup Splunk so it pulls the IP, hostname, and original install date off of all servers that have the splunk forwarder installed.

I have the command I need to run in order to pull this data systeminfo | findstr /i "Host original IP".

It seems like it should be very simple to set this up just going to settings > data inputs > scripts

Couple of questions. In order to get this to run via the command prompt or powershell how do I add the script in the $SPLUNK_HOME\bin\scripts folder?

Is there anything special I need to take into consideration? I can't find much documentation on this so I was looking for any guidance to get this to work.

Tags (1)
0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎03-20-2015 10:25 AM

Is this the level of detail you are looking for? If you find anything essential missing from this documentation, please use the comment form at the bottom of each page to provide your feedback.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-20-2015 10:36 AM

The think the OP is looking to run a script on each monitored system and have the results reported by the Splunk Forwarder. I'm pretty sure he's going about it the wrong way, but don't know the right way. 😉

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎03-20-2015 12:39 PM

I think that's exactly how you would go about it.

1) create a script that does what you need it to do and writes to stdout (account for platform specifics)
2) package the script in an app as a scripted input, decide how often to run it
3) deploy it to the forwarders (monitored systems) and watch the script results come back into the indexer(s) once the scripts execute

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-20-2015 10:23 AM

Anything you put in $SPLUNK_HOME/bin/scripts runs on the local Splunk server, not on the forwarders.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

akelly4
Path Finder
‎03-20-2015 10:24 AM

Is there a way to set it up so all of the forwarders run the script?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...