Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Windows/Linux scripted inputs and setup.xml
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I'm building an application that should work both on Linux/Unix Splunk installations as well as Windows.
The application uses several external python scripts to pull/populate indexes.
On Linux, these can be easily defined as follows:
[script://$SPLUNK_HOME/etc/apps/myapp/bin/pull_logs.py]
interval = 15 15 * * *
index = myindex
sourcetype = mysourcetype
However, the problem is that Splunk on Windows doesn't understand the path and refuses to run the script with the following error:
06-24-2012 18:16:12.580 +0200 ERROR FrameworkUtils - Incorrect path to script: C:\Program Files\Splunk/etc/apps/myapp/bin/pull_logs.py. Script must be in a bin subdirectory in $SPLUNK_HOME.
06-24-2012 18:16:12.580 +0200 ERROR ExecProcessor - Ignoring: ""C:\Program Files\Splunk/etc/apps/myapp/bin/pull_logs.py""
In order to get it to work, I have to change the paths to contain backslash.
However, then I'm having problems with the setup endpoint which is like this:
<block title="Myapp" endpoint="data/inputs/script" entity="%24SPLUNK_HOME%252Fetc%252Fapps%252Fmyapp%252Fbin%252Fpull_logs.py">
Is there a recommended way on doing this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok well firstly you could just create an inputs for both locations, one will show as an error for not being found but the other will work - the proper way to do this is to have a custom python setup handler to check what system is running and write through an endpoint to the inputs.conf for the correct location.
Secondly, I don't have time to go check the docs but the slashes in the endpoint registration shouldn't matter as you are referencing your registered endpoint from restmap.conf and not directly to the script.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok well firstly you could just create an inputs for both locations, one will show as an error for not being found but the other will work - the proper way to do this is to have a custom python setup handler to check what system is running and write through an endpoint to the inputs.conf for the correct location.
Secondly, I don't have time to go check the docs but the slashes in the endpoint registration shouldn't matter as you are referencing your registered endpoint from restmap.conf and not directly to the script.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No worries, glad you've got it going!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, that seems to be the way. I wrote a custom python setup handler that takes care of the OS and sets up a proper inputs.conf file in local.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
How to find the worst searches in your Splunk environment and how to fix them
Share Your Feedback: On Admin Config Service (ACS)!
Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon
