Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

manually run a scripted input?

jeff
Contributor
‎12-14-2012 06:36 AM

I have a scripted input in Splunk that sends it's data to Splunk via STDOUT. Is there any way to run the script on-demand and have the results sent to Splunk without restarting Splunk? Something like a "oneshot" cli method, but for scripted inputs, not for files.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎07-17-2019 05:47 AM

You can do this, but splunk wont index the data necessarily: ./splunk cmd /opt/splunk/etc/apps/yourapp/bin/script.sh

You will see STDOUT/ERR from your script though

0 Karma
Reply

tomasmoser
Contributor
‎05-18-2017 09:29 AM

You can disable and again enable scripted input. This will make it run. It worked for me.

0 Karma
Reply

itinney
Path Finder
‎12-14-2012 06:59 AM

If you write the output to a file in a sinkhole like, .../var/spool/splunk, then Splunk will consume it.
If you need the sourcetype to be the same as when it runs as a script then create a different sinkhole and specify the sourcetype

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎12-14-2012 07:20 AM

or same idea with saving the result of the script to a file and monitor the file with the correct sourcetype.

then you will have to clean the result file once a while.

Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎12-14-2012 06:52 AM

What OS are you running?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...