How to correctly set up scripted (bash script) on forwarded input (UF) in HF via CLI or configuration?

hamidseleman
New Member

Hi,
I've been googling for weeks but to no avail on how to correctly set up scripted input on HF to massage input forwarded from UF.
Following is simple setup for inputs:

inputs.conf in UF
[monitor:///path-to-log/file.txt]
sourcetype = mysourcetype
index = myindex
crcSalt = <SOURCE>
disabled = false

inputs.conf in HF
[script://./bin/scripts/massager.sh]
sourcetype = mysourcetype
index = myindex
interval = 60.0
disabled = false

Sample setup or link highly appreciated.

Thanks.

0 Karma

adonio
Ultra Champion

Hello there,

Can you please elaborate?
What is it that you are trying to achieve?
You don't need any script on HF to send data that is coming from the UF, only configure inputs and outputs.

0 Karma

hamidseleman
New Member

Hi,
I am trying to massage raw log sourced at UF by running script at HF before handing off data to Indexer. I don't want to run script at UF end. This is to free up UF from additional processing requirement.

0 Karma

jkat54
SplunkTrust

You’ll have to “massage” the data using props and transforms on the HF and possibly the UF.

See this article: http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Routeandfilterdatad

0 Karma
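
Added example, not part of the original thread or any poster's own configuration: one way the props-and-transforms approach could look on the HF for the `mysourcetype` sourcetype from the question. The `password=` field, the DEBUG filter, and the class and stanza names are assumptions made for illustration.

```ini
# props.conf on the HF
# The HF is the first full Splunk instance in the path, so it parses
# the events the UF forwards and applies these settings to them.
[mysourcetype]
# Constructed example: mask the value of a password=... field in _raw
# before the event is handed to the indexer.
SEDCMD-mask_password = s/(password=)\S+/\1********/g
# Constructed example: apply the transform below to every event of
# this sourcetype.
TRANSFORMS-drop_debug = drop_debug_lines

# transforms.conf on the HF
[drop_debug_lines]
# Events whose raw text matches this regex are routed to the null
# queue, so they are discarded and never reach the indexer.
REGEX = \sDEBUG\s
DEST_KEY = queue
FORMAT = nullQueue
```

A `[script://...]` stanza, by contrast, only indexes what the script itself writes to stdout; it is not handed the events arriving from the UF.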

hamidseleman
New Member

Thanks but for some reason I need to work with scripts.

0 Karma

adonio
Ultra Champion

@hamidseleman
I am not sure what exactly you are trying to achieve and why you would have to work with scripts.
You can massage the raw data from the UF at the HF using props and transforms.

0 Karma

hamidseleman
New Member

Hi,
What I am trying to achieve mostly is already stated exactly in the question itself. Anyway, thanks.

0 Karma