Getting Data In

script input running "splunk cmd openssl"

ktn01
Path Finder

Hello,

I have a script to index enddate from certificats

 

#!/bin/sh

echo debug enddate
date=`date "+%d/%m/%Y %H:%M:%S"`

for file in `/usr/bin/ls /opt/splunk/etc/auth/mycerts/*.pem`
do
    echo debug befor $file
    /opt/splunk/bin/openssl x509 -in $file -enddate -noout
    echo debug after $file
done

 

This script is started from this stanza in inputs.conf:

 

[script://./bin/certificats]
interval = * * * * *
index=my_index
sourcetype = splunk:certificats
start_by_shell = false

 

The script is wriking well when I start it from shell with the splunk account (which is also runnig Splunk) and I enddate is printed for both .pem files thar are in mycerts directory.

But when it is started from Splunk, only the lines "debug endate" and "debug befor $file" are indexed (debug befor only for the first file).

I also try with the command "/opt/splunk/bin/splunk cmd openssl x509 -in $file -enddate -noout". This don't change anything.

Do you have an idee why the command openssl give no result and exit the script when started from Splunk?

Thanks

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...