Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

index a config file on a regular basis, even if not changed

mataharry
Communicator
‎03-06-2012 01:27 PM

I want to monitor configuration files, to keep track of the config everyday.
I don't care that the file changed or not, I just want a copy with the daily version.

How to setup this type of inputs ?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎03-06-2012 01:32 PM

This is not the intended behavior of splunk monitoring, that will not reindex a file until it changed.

Here is one method to achieve this :

View solution in original post

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎03-07-2012 03:29 PM

Here is an example of inputs + script for windows and linux.

/myapp/local/inputs.conf
remark : this scripted input does not send the data, it just triggers the oneshot CLI comnand.
Add the path and the filter as arguments,
Cron notation for the interval, once a day at 1am


[script://.\bin\oneshot_folder_windows.bat c:\mypath\ *.txt]
disabled = true
index = main
source = oneshot
sourcetype = oneshot
interval = 0 1 * * *

[script://./bin/oneshot_folder_linux.sh /mypath *.txt]
disabled = false
index = main
source = oneshot
sourcetype = oneshot
interval = 0 1 * * *

/myapp/bin/oneshotfolderlinux.sh

#!/bin/bash
# linux script to index oneshot recursively the files from a folder
foldertomonitor=$1
filter=$2
file_list=find $foldertomonitor -name $filter
for file in $file_list
do
$SPLUNK_HOME/bin/splunk add oneshot $file -auth admin:changeme
done

/myapp/bin/oneshotfolderwindows.bat

echo off
rem bat script to index oneshot all the txt files from a folder
set foldertomonitor=%1
set filter=%2
set splunkexec=%SPLUNK_HOME%\bin\splunk.exe
rem update the paths for the temp file
set tempfilelist=c:\tmp\filelist.txt
mkdir c:\tmp
del %tempfilelist%
forfiles /s /p %foldertomonitor% /M %filter% /c " cmd /c echo @Anonymous >> %tempfilelist% "
for /F "delims=" %%G in (%tempfilelist%) do "%splunkexec%" add oneshot %%G -auth admin:changeme

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎03-07-2012 03:30 PM

terrible html parsing if messing the code, beware.

0 Karma
Reply
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎03-06-2012 01:32 PM

This is not the intended behavior of splunk monitoring, that will not reindex a file until it changed.

Here is one method to achieve this :

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...