Installation

login to server run a command and get the number back to store it

splunkuseradmin
Path Finder

I have 2 questions:

  1. suppose I have a "192.168.1.1" IP. How do I check the connectivity through Splunk?

  2. overall, I want to know how many URL requests have been done to a server(IP I mentioned in 1st Question) specific URL requests, not just all of them.

So, I have a command that shows a total number of hits.

So, I need you to configure Splunk in a way that it logs into a server, runs the command and gets the number of that URL hits. Stores it for the server, and if I look at the hourly graph, I’ll see hourly stats, and if I look at the daily graph, I’ll see a graph in daily hits summary.

Tags (1)
0 Karma
1 Solution

ehowardl3
Path Finder

For number 2, why not have the script output the metrics to a file and have the Splunk universal forwarder installed on the host, watching the file?

View solution in original post

0 Karma

ehowardl3
Path Finder

For number 2, why not have the script output the metrics to a file and have the Splunk universal forwarder installed on the host, watching the file?

0 Karma

splunkuseradmin
Path Finder

I don’t want to feed splunk with gigs of useless data
all I need is for the splunk to login to server, run the command and get the number back.

can I do that without UF s well ?

0 Karma

ehowardl3
Path Finder

You wouldn’t be feeding gigs of useless data into Splunk. Run a script that outputs the number of URL hits to a file, and have the universal forwarder only watching that file. You would only be sending the data in that file to Splunk.

0 Karma

splunkuseradmin
Path Finder

so you saying its not possible to login to any linux server sitting on splunk UI to perform any command but we do have other way to do that by installing UF on host.

is there any other possible way instead installing universal forwarder to access that file or something else?

0 Karma

ehowardl3
Path Finder

If you really don’t want to install a universal forwarder on your Linux server, you could transfer the file over to an intermediary forwarder via SCP, rsync, TCP, etc., however that’s just adding an extra step to the process.

0 Karma

splunkuseradmin
Path Finder

Thanks appreciate.

0 Karma

splunkuseradmin
Path Finder

I will have around 35 hosts

each host will generate 2 files each hour: jp_hits_404.txt and jp_hits_200.txt
each file will contain a single number in text format, like “105” or “284"

what do you think i can do

0 Karma

splunkuseradmin
Path Finder

and also can user get the intermedatory forwarder ip sitting on splunk UI??
what is we are not even admin and dont have access to backend juss have access to splunk UI.

how do you think we can solve this

0 Karma

splunkuseradmin
Path Finder

all I need is for the splunk to login to server, run the command and get the number back.

0 Karma

splunkuseradmin
Path Finder

this are the two commands i wanted to run on that server.

/home/splunkfetcher/getURIcount.sh 200
/home/splunkfetcher/getURIcount.sh 404
thanks

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...