Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to correctly setup scripted (bash script) on forwarded input (UF) in HF via CLI or configuration?

hamidseleman
New Member
‎05-08-2018 01:34 AM

Hi,
I've been googling for weeks but to no avail on how to correctly setup scripted input on HF to massage input forwarded from UF.
Following is simple setup for inputs:

inputs.conf in UF
[monitor:///path-to-log/file.txt]
sourcetype = mysourcetype
index = myindex
crcSalt = <SOURCE>
disabled = false

inputs.conf in HF
[script://./bin/scripts/massager.sh]
sourcetype = mysourcetype
index = myindex
interval = 60.0
disabled = false

Sample setup or link highly appreciated.

Thanks.

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎05-08-2018 08:00 AM

hello there,

can you please elaborate?
what is it that you are trying to achieve?
you dont need any script on HF to send data that is coming from the UF, only configure inputs and outputs

0 Karma
Reply

hamidseleman
New Member
‎05-08-2018 04:46 PM

Hi,
I am trying to massage raw log sourced at UF by running script at HF before handing off data to Indexer. I dont want to run script at UF end. This is to free up UF from additional processing requirement.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-08-2018 06:36 PM

You’ll have to “massage” the data using props and transforms on the HF and possibly the UF.

See this article: http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Routeandfilterdatad

0 Karma
Reply

hamidseleman
New Member
‎05-09-2018 02:01 AM

Thanks but for some reason I need to work with scripts.

0 Karma
Reply

adonio
Ultra Champion
‎05-09-2018 07:09 AM

@hamidseleman
i am not sure what exactly you are trying to achieve and why would you have to work with scripts.
you can massage the raw data from the UF at the HF using props and transforms.

0 Karma
Reply

hamidseleman
New Member
‎05-09-2018 07:16 AM

Hi,
what i am trying to achieve mostly is already stated exactly in the question itself. Anyway, thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...