I am looking at running a .sh script which is stored on a remote machine. I am hoping to run this script every couple of hours and then log the output with Splunk so we can utilise the script to our advantage. Is this possible with Splunk? I have not come across any useful documentation.
Thanks in advance for your help.
Hi Fulljames,
As I understand it, you want to get the output of the sh script into Splunk. The best approach would be to write the output of the script to a text file and append that output to the text file every 5 or 10 mins as per your requirement. Then you can use that log file path (the text file) as a monitor input in Splunk, and Splunk will monitor the output in that text file. Let me know if it works for you...
@manish_singh_777 would that text file need to be stored on a local machine or could it be stored on the remote Linux machine?
That doesn't matter, you can store the text file on the remote Linux machine, because your remote Linux machine is going to have a Universal Forwarder and you will write inputs.conf for that, so that will work for you. Let me know if you have any more queries.
@manish_singh_777 Thanks for your response! Where do I upload the inputs.conf file? I looked over the link you supplied; within this file, do I just need to implement: [monitor://<path>]
Could you please expand on this, as I think this is the main problem in getting this working? Thanks again!
@manish_singh_777 also I am using the free version of Splunk. I just noticed the documentation you supplied was from Splunk Enterprise, is this still applicable to Splunk Free? Thanks!
Hi ,
We write "log file monitoring" path in "inputs.conf" stanzas only.
Hi @Fulljames,
You could do it by using a normal Unix script and using a scheduler to run that in Splunk using
https://docs.splunk.com/Documentation/Splunk/7.1.1/AdvancedDev/ScriptedInputsIntro and https://docs.splunk.com/Documentation/Splunk/7.1.1/AdvancedDev/ScriptSetup
Ideally you would do RESULTS=$(ssh user@server /path/to/the/script/script.sh)
and push the RESULT to Splunk by using a log file or as a direct stream. You shall do output sanitizing before you "echo" the RESULT.
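The wrapper approach from this answer, written out as an added example that is not part of the original thread or of Splunk's own code: it runs the remote script over SSH without a password prompt and sanitizes the untrusted output before echoing it for Splunk to index. The file name getRemote.sh, the REMOTE_TARGET and REMOTE_SCRIPT variables, and the 1000-character line cap are assumptions, as is key-based SSH access for the account Splunk runs as.

```shell
#!/bin/sh
# Added example (hypothetical getRemote.sh wrapper for a Splunk scripted input).
# Assumptions: the account Splunk runs as has key-based SSH access to the remote
# host, and the host key is already in known_hosts. REMOTE_TARGET and
# REMOTE_SCRIPT are illustrative variable names, not Splunk settings.

# Accept only user@host from a conservative character set, so a configured
# value can never be read by ssh as an option or carry shell metacharacters.
valid_target() {
    case "$1" in
        -*|*[!A-Za-z0-9@._-]*) return 1 ;;
        ?*@?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Remote output is untrusted: strip ANSI escape sequences, drop remaining
# control characters (tab and newline are kept), and cap the line length.
sanitize() {
    sed "s/$(printf '\033')\[[0-9;]*[A-Za-z]//g" |
    tr -d '\000-\010\013-\037\177' |
    cut -c1-1000
}

# BatchMode=yes makes ssh fail instead of prompting for a password;
# StrictHostKeyChecking=yes refuses unknown or changed host keys.
run_remote() {
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10 \
        "$1" "$2" 2>&1
}

if [ -n "${REMOTE_TARGET:-}" ]; then
    valid_target "$REMOTE_TARGET" || { echo "bad REMOTE_TARGET" >&2; exit 2; }
    RESULTS=$(run_remote "$REMOTE_TARGET" "${REMOTE_SCRIPT:-/path/to/the/script/script.sh}")
    rc=$?
    # stdout becomes the indexed event data; the failure note goes to stderr.
    printf '%s\n' "$RESULTS" | sanitize
    [ "$rc" -eq 0 ] || echo "remote script exited with status $rc" >&2
    exit "$rc"
fi
```

Because BatchMode is on, no password is ever stored in the script or in inputs.conf; if the key is missing, ssh exits non-zero instead of waiting on a prompt.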
Hi @renjith.nair
Thanks for your response!
I'm very new to Splunk so I will need a .config file with the
RESULTS=$(ssh user@server /path/to/the/script/script.sh)
to identify the location of the .sh file, additionally would I need to specify the password?
I looked over the links you mentioned:
[script://$SPLUNK_HOME/etc/apps/<appName>/bin/starter_script.sh]
disabled = true # change to false to start the input, requires restart
host = # enter hostname here
index = main
interval = 30 #frequency to run the script, in seconds
source = my_db
sourcetype = my_db_data
Would the:
[script://$SPLUNK_HOME/etc/apps/<appName>/bin/starter_script.sh]
Need to be replaced with:
RESULTS=$(ssh user@server /path/to/the/script/script.sh)?
Thanks
Nope, whatever you plan to do for the remote connection and result extraction will be in another script, let's say "getRemote.sh". Now you will add this to your inputs.conf as mentioned in the doc http://docs.splunk.com/Documentation/Splunk/7.1.1/admin/Inputsconf#Scripted_Input: