Script for UF

Path Finder

Hi all, 

How can I set the Universal Forwarder to run a script every 5 minutes with a cron job?

Info of the script should be showing up when searching from the Search Head

Thanks in advance,




@splunk_luis12 Try this:

interval = [<decimal>|<cron schedule>]


Also if this reply helped you in solving your problem an up-vote would be appreciated 👍


Path Finder

Hi ashvinpandey, 

I forgot to mention that it is for Linux (CLI)

How would you run the following script every 5 minutes? And in which directory should I include it in the UF?


# Print the header for the process listing
check_processes() {
    echo ""
    echo "processes:"
    echo ""
}


I appreciate your help a lot!







Create a Splunk app and put the script in the bin folder of that app.  The app also should contain a default directory with inputs.conf and props.conf files in it.  The inputs.conf file tells Splunk how to run the script.

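# The stanza header names the script to run; <your_script> is a placeholder
[script://./bin/<your_script>.sh]
interval = */5 * * * *
index = foo
sourcetype = mysourcetype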

The props.conf file tells Splunk how to parse the data produced by the script.

[mysourcetype]
TIME_PREFIX = <<some regular expression to help Splunk find the timestamp of each event>>
TIME_FORMAT = <<time format string that describes the timestamp>>
# How many characters follow TIME_PREFIX until the end of the timestamp
MAX_TIMESTAMP_LOOKAHEAD = <<number of characters>>
# Regular expression that describes the text between events.
# Must contain a capture group.  The group will be discarded.
LINE_BREAKER = ([\r\n]+)
# Set this to the maximum size of the events produced by the script
TRUNCATE = 10000
# Set this value to the same as LINE_BREAKER
EVENT_BREAKER = ([\r\n]+)

Use the Deployment Server to install the app on the relevant forwarders.  If you have a small number of forwarders (fewer than 3) you can install the app manually.

Also install the app on the indexer(s).

Restart the forwarders and indexers after installing the app.

If this reply helps you, Karma would be appreciated.
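
The steps in the answer above (script in bin, inputs.conf and props.conf in default), put together as an added example that is not code from the thread or from Splunk. The script name check_processes.sh, its timestamped output format, the timestamp settings, and the SHOULD_LINEMERGE and EVENT_BREAKER_ENABLE lines are assumptions; index and sourcetype are the thread's placeholders.

```shell
#!/bin/sh
# Added example: scaffold the app layout described in the answer above.
# Assumed names: check_processes.sh and the timestamped output format.
# index "foo" and sourcetype "mysourcetype" are the thread's placeholders.

build_app() {
    app_dir=$1   # e.g. $SPLUNK_HOME/etc/apps/proc_monitor on the forwarder
    mkdir -p "$app_dir/bin" "$app_dir/default" || return 1

    # Scripted input: one event per line, each starting with a timestamp.
    cat > "$app_dir/bin/check_processes.sh" <<'EOF'
#!/bin/sh
ts=$(date +%Y-%m-%dT%H:%M:%S%z)
ps -eo pid=,user=,comm= | while read -r pid user comm; do
    echo "$ts pid=$pid user=$user process=\"$comm\""
done
EOF
    # The forwarder executes this file on every interval: keep it
    # executable but writable by its owner only.
    chmod 755 "$app_dir/bin/check_processes.sh" || return 1

    # Tells the forwarder how to run the script (cron syntax: every 5 minutes).
    cat > "$app_dir/default/inputs.conf" <<'EOF'
[script://./bin/check_processes.sh]
interval = */5 * * * *
index = foo
sourcetype = mysourcetype
EOF

    # Tells Splunk how to find the timestamp and split events.
    cat > "$app_dir/default/props.conf" <<'EOF'
[mysourcetype]
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%dT%H:%M:%S%z
MAX_TIMESTAMP_LOOKAHEAD = 24
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TRUNCATE = 10000
EVENT_BREAKER_ENABLE = true
EVENT_BREAKER = ([\r\n]+)
EOF
}

# Run stand-alone as: sh build_app.sh /path/to/app_dir
if [ $# -ge 1 ]; then build_app "$1"; fi
```

Scripted inputs run with the privileges of the account the forwarder runs as, so review the permissions and ownership of everything under bin before deploying the app.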