Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: scripted input
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
scripted input
riotto
Path Finder
06-16-2017
09:55 AM
I have a korn shell that creates a log. I want to run the script via the inputs.conf, every Monday at 5am. I don't want the log of the script to be sent to the indexer yet, only to the log, and then at a different time I will monitor the log for input to the splunk indexer. The path to the script is /home/xxxx/my.ksh
What exactly does the inputs.conf need to look like just to get the file to run at that time? I can add the monitor file without a problem
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
riotto
Path Finder
06-16-2017
11:22 AM
I looked all over and don't see a good example, I am really just using the splunkforwarder to run the job, like cron would.
If I move the script to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin , I think the inputs.conf needs to be just this:
[script://./bin/my.ksh]
interval = 604800
This will run the script just once a week - nothing sent to the indexer
Does this look right?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
06-16-2017
10:06 AM
Check out the *NIX TA app on splunkbase; it is chock full of examples.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
riotto
Path Finder
06-16-2017
10:11 AM
where exactly do I find this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
06-16-2017
10:14 AM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
riotto
Path Finder
06-16-2017
10:31 AM
I think that like goes to where I can add the Nix add-on...? I don't really see any examples ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
06-16-2017
02:51 PM
You can download the app, unzip it (rename to *.tgz), and look at the examples in the inputs.conf file.
Get Updates on the Splunk Community!
What You Read The Most: Splunk Lantern’s Most Popular Articles!
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
See your relevant APM services, dashboards, and alerts in one place with the updated ...
As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
Index This | What goes away as soon as you talk about it?
May 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this month’s ...
