Getting Data In

scripted input

riotto
Path Finder

I have a korn shell that creates a log. I want to run the script via the inputs.conf, every Monday at 5am. I don't want the log of the script to be sent to the indexer yet, only to the log, and then at a different time I will monitor the log for input to the splunk indexer. The path to the script is /home/xxxx/my.ksh

What exactly does the inputs.conf need to look like just to get the file to run at that time? I can add the monitor file without a problem

Thanks

0 Karma

riotto
Path Finder

I looked all over and don't see a good example, I am really just using the splunkforwarder to run the job, like cron would.
If I move the script to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin , I think the inputs.conf needs to be just this:

[script://./bin/my.ksh]
interval = 604800

This will run the script just once a week - nothing sent to the indexer

Does this look right?

0 Karma

woodcock
Esteemed Legend

Check out the *NIX TA app on splunkbase; it is chock full of examples.

0 Karma

riotto
Path Finder

where exactly do I find this?

0 Karma

woodcock
Esteemed Legend
0 Karma

riotto
Path Finder

I think that like goes to where I can add the Nix add-on...? I don't really see any examples ?

0 Karma

woodcock
Esteemed Legend

You can download the app, unzip it (rename to *.tgz), and look at the examples in the inputs.conf file.

0 Karma
Get Updates on the Splunk Community!

Extending Splunk AI Assistant for SPL to Splunk Enterprise customers!

Howdy Splunk Community! It’s an exciting day here at Splunk – Splunk AI Assistant for SPL version 1.3.0 is now ...

Developer Spotlight with Qmulos

Qmulos: Building a Next-Level Cybersecurity Business through Splunk Apps Qmulos started as a scrappy startup ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Enhance Security Operations with Automated Threat Analysis in the Splunk EcosystemAre you leveraging ...