Hi,
On Splunk forwarders, we have few shell scripts in "SPLUNK_HOME/etc/apps/my_app/bin/" that are being run. Just wondering where do the outputs of these shell scripts store? Shell scripts don't have the output filename in them so I tried to look into "SPLUNK_HOME/var/log/splunk" but no luck. Are these outputs store in "*.dat" file which we can't read?
Thanks
If you are running scripted inputs
, then Splunk will index the output that it sees hitting stdout
. This means that you can pipe the output of your scripts to other things and Splunk will only index the final text that hits stdout
. Any other output that goes anywhere else will be ignored by Splunk, unless of course you are writing it to file and have a different [monitor://...]
stanza looking for it, which would be strange.
If you are running scripted inputs
, then Splunk will index the output that it sees hitting stdout
. This means that you can pipe the output of your scripts to other things and Splunk will only index the final text that hits stdout
. Any other output that goes anywhere else will be ignored by Splunk, unless of course you are writing it to file and have a different [monitor://...]
stanza looking for it, which would be strange.
So you are doing scripted input? Splunk runs the script on the interval you specify and then indexes the output. I don't think there's an intermediate location.