Re: scripted input

riotto · ‎06-16-2017

I have a korn shell that creates a log. I want to run the script via the inputs.conf, every Monday at 5am. I don't want the log of the script to be sent to the indexer yet, only to the log, and then at a different time I will monitor the log for input to the splunk indexer. The path to the script is /home/xxxx/my.ksh

What exactly does the inputs.conf need to look like just to get the file to run at that time? I can add the monitor file without a problem

Thanks

riotto · ‎06-16-2017

I looked all over and don't see a good example, I am really just using the splunkforwarder to run the job, like cron would.
If I move the script to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin , I think the inputs.conf needs to be just this:

[script://./bin/my.ksh]
interval = 604800

This will run the script just once a week - nothing sent to the indexer

Does this look right?

woodcock · ‎06-16-2017

Check out the *NIX TA app on splunkbase; it is chock full of examples.

riotto · ‎06-16-2017

where exactly do I find this?

woodcock · ‎06-16-2017

https://splunkbase.splunk.com/app/833/

riotto · ‎06-16-2017

I think that like goes to where I can add the Nix add-on...? I don't really see any examples ?

woodcock · ‎06-16-2017

You can download the app, unzip it (rename to *.tgz), and look at the examples in the inputs.conf file.

scripted input

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!