Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Where should I place temp files generated by my scripted input?

EatMoreChicken
Explorer
‎01-31-2022 11:50 AM

I made a custom TA in "/opt/splunk/etc/apps/myTA/". I created a script called "myTA/bin/scripts/pulldata.sh". My script makes temp files and it attempts to save in "myTA/bin/scripts/", but it has errors writing to that path. I can run the script in CLI using "./pulldata.sh" as the splunk user and it is fine to write the temp files to the "scripts" directory. I tried to use "/opt/splunk/bin/splunk cmd /opt/splunk/etc/apps/myTA/scripts/pulldata.sh", but that also has issues writing the temp files. I'm assuming that Splunk only lets the scripts write files in specific directories.

Is there a specific/correct location that I should be placing these temp files? I'm thinking I can write to "/opt/splunk/var/log/splunk", but I want to see what the Splunk recommended path if for this kind of stuff . I remember seeing information about this at some point on dev.splunk.com, but can't seem to find it anymore.

This is what I have been looking at: https://dev.splunk.com/enterprise/docs/developapps/createapps/appanatomy/

Thanks in advance!

Labels (2)
Reply
1 Solution
Solved! Jump to solution
Solution

tshah-splunk
Splunk Employee
Splunk Employee
‎02-01-2022 08:01 PM

Hey @EatMoreChicken,

I believe this would help you understand placing the outputs in a detailed manner - https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/custominputs/scriptedinputsexampl...

---
If you find the answer helpful, an upvote/karma is appreciated

View solution in original post

Reply
Solved! Jump to solution
Solution

tshah-splunk
Splunk Employee
Splunk Employee
‎02-01-2022 08:01 PM

Hey @EatMoreChicken,

I believe this would help you understand placing the outputs in a detailed manner - https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/custominputs/scriptedinputsexampl...

---
If you find the answer helpful, an upvote/karma is appreciated
Reply
Solved! Jump to solution

EatMoreChicken
Explorer
‎02-11-2022 12:00 PM

Perfect, this is exactly what I was looking for!

Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...