script input running "splunk cmd openssl"

Getting Data In

Hello,

I have a script to index enddate from certificats

#!/bin/sh

echo debug enddate
date=`date "+%d/%m/%Y %H:%M:%S"`

for file in `/usr/bin/ls /opt/splunk/etc/auth/mycerts/*.pem`
do
    echo debug befor $file
    /opt/splunk/bin/openssl x509 -in $file -enddate -noout
    echo debug after $file
done

This script is started from this stanza in inputs.conf:

[script://./bin/certificats]
interval = * * * * *
index=my_index
sourcetype = splunk:certificats
start_by_shell = false

The script is wriking well when I start it from shell with the splunk account (which is also runnig Splunk) and I enddate is printed for both .pem files thar are in mycerts directory.

But when it is started from Splunk, only the lines "debug endate" and "debug befor $file" are indexed (debug befor only for the first file).

I also try with the command "/opt/splunk/bin/splunk cmd openssl x509 -in $file -enddate -noout". This don't change anything.

Do you have an idee why the command openssl give no result and exit the script when started from Splunk?

Thanks

Get Updates on the Splunk Community!

script input running "splunk cmd openssl"

scripted input

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?

script input running "splunk cmd openssl"

scripted input

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25