Getting Data In

Where should I place temp files generated by my scripted input?

EatMoreChicken
Explorer

I made a custom TA in "/opt/splunk/etc/apps/myTA/". I created a script called "myTA/bin/scripts/pulldata.sh". My script makes temp files and it attempts to save in "myTA/bin/scripts/", but it has errors writing to that path. I can run the script in CLI using "./pulldata.sh" as the splunk user and it is fine to write the temp files to the "scripts" directory. I tried to use "/opt/splunk/bin/splunk cmd /opt/splunk/etc/apps/myTA/scripts/pulldata.sh", but that also has issues writing the temp files. I'm assuming that Splunk only lets the scripts write files in specific directories.

Is there a specific/correct location that I should be placing these temp files? I'm thinking I can write to "/opt/splunk/var/log/splunk", but I want to see what the Splunk recommended path if for this kind of stuff . I remember seeing information about this at some point on dev.splunk.com, but can't seem to find it anymore.

This is what I have been looking at: https://dev.splunk.com/enterprise/docs/developapps/createapps/appanatomy/

Thanks in advance!

Labels (2)
1 Solution

tshah-splunk
Splunk Employee
Splunk Employee

Hey @EatMoreChicken,

I believe this would help you understand placing the outputs in a detailed manner - https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/custominputs/scriptedinputsexampl...

---
If you find the answer helpful, an upvote/karma is appreciated

View solution in original post

tshah-splunk
Splunk Employee
Splunk Employee

Hey @EatMoreChicken,

I believe this would help you understand placing the outputs in a detailed manner - https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/custominputs/scriptedinputsexampl...

---
If you find the answer helpful, an upvote/karma is appreciated

EatMoreChicken
Explorer

Perfect, this is exactly what I was looking for!

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...