Getting Data In

script input running "splunk cmd openssl"

ktn01
Path Finder

Hello,

I have a script to index enddate from certificats

 

#!/bin/sh

echo debug enddate
date=`date "+%d/%m/%Y %H:%M:%S"`

for file in `/usr/bin/ls /opt/splunk/etc/auth/mycerts/*.pem`
do
    echo debug befor $file
    /opt/splunk/bin/openssl x509 -in $file -enddate -noout
    echo debug after $file
done

 

This script is started from this stanza in inputs.conf:

 

[script://./bin/certificats]
interval = * * * * *
index=my_index
sourcetype = splunk:certificats
start_by_shell = false

 

The script is wriking well when I start it from shell with the splunk account (which is also runnig Splunk) and I enddate is printed for both .pem files thar are in mycerts directory.

But when it is started from Splunk, only the lines "debug endate" and "debug befor $file" are indexed (debug befor only for the first file).

I also try with the command "/opt/splunk/bin/splunk cmd openssl x509 -in $file -enddate -noout". This don't change anything.

Do you have an idee why the command openssl give no result and exit the script when started from Splunk?

Thanks

Labels (1)
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...