Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Using a shell script to collect data on a universal forwarder, what do I need to configure in inputs and outputs.conf?

athorat
Communicator
‎09-01-2015 03:19 PM

Universal Forwarder-> Heavy Forwarder -> Indexer
We have a universal forwarder which is sitting on a different domain from where we want to collect data using a shell script.

Using the UI, I uploaded the shell script on the universal forwarder. How do I configure what data to send to the indexer?
As I have uploaded the shell using UI on the universal forwarder, do I need to configure the inputs.conf again?
What would be the settings/parameters on both the inputs.conf on the UF and HF
and also the outputs.conf?

0 Karma
Reply

FritzWittwer_ol
Contributor
‎09-02-2015 06:53 AM

You have to configure inputs.conf, 

[script://<script>] 
interval=60

60 seconds is the default value for interval, and you can use the usual attributes like index, sourcetype, disabled.

see http://docs.splunk.com/Documentation/Splunk/6.2.5/Data/Setupcustominputs

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...