Am trying to run a command through perl and the results used as scripted input which will be indexed by splunk.
However i dont get any output when i run the script through splunk.
i have tried the perl "system" module and "backticks" but none of it works.
The script works fine if i run it manually through the command line.
$myresults = `find $flags -maxdepth 1 -type f -name $flags -mmin $min_val -ls`; print $myresults
The script has been added to the input.conf.
Some help will be much appreciated
Use the bin folder to write a sh script with you perl command, then in the inputs.conf configure a stanza with the sh script.
Hope i help you.
sorry i forgot to mention i have already done that.
regular print statement in the script works fine.its just the ones with commands that doesnt work
Can you show the inputs.conf conf and also have you check that the user of splunk have rights to execute the script?
this is the input.conf and running this from the admin account
disabled = 0
interval = 60.0
sourcetype = dir_patrol
changing the input.conf didnt help.
just to clarify.
The actual script works.only this line below doesnt return any results
find $flags -maxdepth 1 -type f -name $flags -mmin $min_val -ls;"
So the problem is with perl... have you try to build the command before execute?
$command = "find." ".$flags." -maxdepth 1 -type f -name"." ".$flags." -mmin ".$min_val." -ls";
Hope i help you
i tried your method ,i see no errors.However the command does not show any results.
review the _internal index to see if there is any error.
hope i help you
i found out scripted input in splunk doesnt seem to work well with linux "find" with the "-ls" flag
find . -maxdepth 1 -type f -name "*.xml" -mmin 300 -ls
when i use the find command without "-ls" it get an output
The problem is in the stanza
you have to use
[script://./bin/dir_patrol.pl] disabled = 0 interval = 60 sourcetype = dir_patrol
Hope i help you