I have a korn shell that creates a log. I want to run the script via the inputs.conf, every Monday at 5am. I don't want the log of the script to be sent to the indexer yet, only to the log, and then at a different time I will monitor the log for input to the splunk indexer. The path to the script is /home/xxxx/my.ksh
What exactly does the inputs.conf need to look like just to get the file to run at that time? I can add the monitor file without a problem
Thanks
I looked all over and don't see a good example, I am really just using the splunkforwarder to run the job, like cron would.
If I move the script to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin , I think the inputs.conf needs to be just this:
[script://./bin/my.ksh]
interval = 604800
This will run the script just once a week - nothing sent to the indexer
Does this look right?
Check out the *NIX TA app on splunkbase; it is chock full of examples.
where exactly do I find this?
I think that like goes to where I can add the Nix add-on...? I don't really see any examples ?
You can download the app, unzip it (rename to *.tgz), and look at the examples in the inputs.conf
file.