Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- scripted input
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
scripted input
riotto
Path Finder
06-16-2017
09:55 AM
I have a korn shell that creates a log. I want to run the script via the inputs.conf, every Monday at 5am. I don't want the log of the script to be sent to the indexer yet, only to the log, and then at a different time I will monitor the log for input to the splunk indexer. The path to the script is /home/xxxx/my.ksh
What exactly does the inputs.conf need to look like just to get the file to run at that time? I can add the monitor file without a problem
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
riotto
Path Finder
06-16-2017
11:22 AM
I looked all over and don't see a good example, I am really just using the splunkforwarder to run the job, like cron would.
If I move the script to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin , I think the inputs.conf needs to be just this:
[script://./bin/my.ksh]
interval = 604800
This will run the script just once a week - nothing sent to the indexer
Does this look right?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
06-16-2017
10:06 AM
Check out the *NIX TA app on splunkbase; it is chock full of examples.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
riotto
Path Finder
06-16-2017
10:11 AM
where exactly do I find this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
06-16-2017
10:14 AM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
riotto
Path Finder
06-16-2017
10:31 AM
I think that like goes to where I can add the Nix add-on...? I don't really see any examples ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
06-16-2017
02:51 PM
You can download the app, unzip it (rename to *.tgz), and look at the examples in the inputs.conf file.
Get Updates on the Splunk Community!
Extending Splunk AI Assistant for SPL to Splunk Enterprise customers!
Howdy Splunk Community!
It’s an exciting day here at Splunk – Splunk AI Assistant for SPL version 1.3.0 is now ...
Developer Spotlight with Qmulos
Qmulos: Building a Next-Level Cybersecurity Business through Splunk Apps Qmulos started as a scrappy startup ...
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
Enhance Security Operations with Automated Threat Analysis in the Splunk EcosystemAre you leveraging ...
