script input running "splunk cmd openssl"

Getting Data In

Hello,

I have a script to index enddate from certificats

#!/bin/sh

echo debug enddate
date=`date "+%d/%m/%Y %H:%M:%S"`

for file in `/usr/bin/ls /opt/splunk/etc/auth/mycerts/*.pem`
do
    echo debug befor $file
    /opt/splunk/bin/openssl x509 -in $file -enddate -noout
    echo debug after $file
done

This script is started from this stanza in inputs.conf:

[script://./bin/certificats]
interval = * * * * *
index=my_index
sourcetype = splunk:certificats
start_by_shell = false

The script is wriking well when I start it from shell with the splunk account (which is also runnig Splunk) and I enddate is printed for both .pem files thar are in mycerts directory.

But when it is started from Splunk, only the lines "debug endate" and "debug befor $file" are indexed (debug befor only for the first file).

I also try with the command "/opt/splunk/bin/splunk cmd openssl x509 -in $file -enddate -noout". This don't change anything.

Do you have an idee why the command openssl give no result and exit the script when started from Splunk?

Thanks

Get Updates on the Splunk Community!

script input running "splunk cmd openssl"

scripted input

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

script input running "splunk cmd openssl"

scripted input

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...