Hi
sorry i forgot to mention i have already done that.
regular print statement in the script works fine.its just the ones with commands that doesnt work

Hi,

Can you show the inputs.conf conf and also have you check that the user of splunk have rights to execute the script?

this is the input.conf and running this from the admin account

[script://$SPLUNK_HOME/etc/apps/dir_patrol/bin/dir_patrol.pl]
disabled = 0
interval = 60.0
sourcetype = dir_patrol

hi
changing the input.conf didnt help.
just to clarify.
The actual script works.only this line below doesnt return any results
"$myresults = find $flags[0] -maxdepth 1 -type f -name $flags[1] -mmin $min_val -ls;"

Ok,
So the problem is with perl... have you try to build the command before execute?

$command =  "find." ".$flags[0]." -maxdepth 1 -type f -name"." ".$flags[1]." -mmin ".$min_val." -ls";

printf($command);
system($command);

Hope i help you

i tried your method ,i see no errors.However the command does not show any results.

Hi,
review the _internal index to see if there is any error.

hope i help you

Hi Jmallorquin,

i found out scripted input in splunk doesnt seem to work well with linux "find" with the "-ls" flag

find . -maxdepth 1 -type f -name "*.xml" -mmin 300 -ls

when i use the find command without "-ls" it get an output

an was provided in this
https://answers.splunk.com/answers/390425/scripted-input-and-not-working-well-with-linux-fin.html#an...

Hi,

The problem is in the stanza

you have to use

[script://./bin/dir_patrol.pl]
disabled = 0
interval = 60
sourcetype = dir_patrol

Hope i help you