Re: scripted input

riotto · ‎06-16-2017

I have a korn shell that creates a log. I want to run the script via the inputs.conf, every Monday at 5am. I don't want the log of the script to be sent to the indexer yet, only to the log, and then at a different time I will monitor the log for input to the splunk indexer. The path to the script is /home/xxxx/my.ksh

What exactly does the inputs.conf need to look like just to get the file to run at that time? I can add the monitor file without a problem

Thanks

riotto · ‎06-16-2017

I looked all over and don't see a good example, I am really just using the splunkforwarder to run the job, like cron would.
If I move the script to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin , I think the inputs.conf needs to be just this:

[script://./bin/my.ksh]
interval = 604800

This will run the script just once a week - nothing sent to the indexer

Does this look right?

woodcock · ‎06-16-2017

Check out the *NIX TA app on splunkbase; it is chock full of examples.

riotto · ‎06-16-2017

where exactly do I find this?

woodcock · ‎06-16-2017

https://splunkbase.splunk.com/app/833/

riotto · ‎06-16-2017

I think that like goes to where I can add the Nix add-on...? I don't really see any examples ?

woodcock · ‎06-16-2017

You can download the app, unzip it (rename to *.tgz), and look at the examples in the inputs.conf file.

scripted input

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Join the Conversation