Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

Using a shell script to collect data on a universal forwarder, what do I need to configure in inputs and outputs.conf?

athorat
Communicator
‎09-01-2015 03:19 PM

Universal Forwarder-> Heavy Forwarder -> Indexer
We have a universal forwarder which is sitting on a different domain from where we want to collect data using a shell script.

Using the UI, I uploaded the shell script on the universal forwarder. How do I configure what data to send to the indexer?
As I have uploaded the shell using UI on the universal forwarder, do I need to configure the inputs.conf again?
What would be the settings/parameters on both the inputs.conf on the UF and HF
and also the outputs.conf?

0 Karma
Reply
Highlighted

Re: Using a shell script to collect data on a universal forwarder, what do I need to configure in inputs and outputs.conf?

FritzWittwer
Contributor
‎09-02-2015 06:53 AM

You have to configure inputs.conf, 

[script://<script>] 
interval=60

60 seconds is the default value for interval, and you can use the usual attributes like index, sourcetype, disabled.

see http://docs.splunk.com/Documentation/Splunk/6.2.5/Data/Setupcustominputs

Reply