Getting Data In

pass hostname to scripted input

jgeyer14
Engager

Hi, I want to create a scripted input, a script that will query sql server on a machine. I want the query to be executed on whatever host I set up the input for, so I assume I should pass the hostname as an argument to the script. How can I do that dynamically? is there a variable in splunk that can expand automatically? So I could set splunk up to run the script something like this:

script.cmd $hostname

Tags (1)

jgeyer14
Engager

nevermind i figured it out. right now I am adding a new scripted input for each host and passing it manually like so:

first arg is the hostname the script will use to do the query

[script://$SPLUNK_HOME\bin\scripts\test.cmd testhost]
interval = 5
sourcetype = sql:test        
source = jamiesqltest
host=testhost
disabled=0


[script://$SPLUNK_HOME\bin\scripts\test.cmd testhost-2]
interval = 5
sourcetype = sql:test        
source = jamiesqltest
host=testhost-2
disabled=0
Get Updates on the Splunk Community!

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

  Now On Demand  Stay ahead of today’s evolving threats with the combined power of the Splunk Threat Research ...

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Automated Archival is a new capability within Metrics Management; which is a robust usage & cost optimization ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...