an was provided in this https://answers.splunk.com/answers/390425/scripted-input-and-not-working-well-with-linux-fin.html#answer-390458 ... View more

Thanks twinspop , that solved it . Cheers!!!! ... View more

Hi Jmallorquin, i found out scripted input in splunk doesnt seem to work well with linux "find" with the "-ls" flag find . -maxdepth 1 -type f -name "*.xml" -mmin 300 -ls when i use the find command without "-ls" it get an output ... View more

i tried your method ,i see no errors.However the command does not show any results. ... View more

hi changing the input.conf didnt help. just to clarify. The actual script works.only this line below doesnt return any results "$myresults = find $flags[0] -maxdepth 1 -type f -name $flags[1] -mmin $min_val -ls ;" ... View more

this is the input.conf and running this from the admin account [script://$SPLUNK_HOME/etc/apps/dir_patrol/bin/dir_patrol.pl] disabled = 0 interval = 60.0 sourcetype = dir_patrol ... View more

Hi sorry i forgot to mention i have already done that. regular print statement in the script works fine.its just the ones with commands that doesnt work ... View more

thanks renjith. I decided to use a different approach ... View more

thanks renjith that did the trick . ... View more

i have some form data that i have to save together with the timestamp. so i can only use the REST API. But i have tried several methods out there but doesnt seem to work . below is the samplecode where i am trying to retrive the timestamp results in to "my_timestamp" variable where i will inturn save into the dictionary to be used by the REST any ideas /// get current timestamp EPOCH TIME var timestamp_search = new SearchManager({ "id": "timestamp_search", "status_buckets": 0, "latest_time": "$latest$", "search": "| stats count as timestamp | eval timestamp = now()", "earliest_time": "$earliest$", "cancelOnUnload": true, "app": utils.getCurrentApp(), "auto_cancel": 90, "preview": true, "runWhenTimeIsUndefined": false }, {tokens: true,tokenNamespace: "submitted"}); //WHERE I GET THE TIME STAMP FROM THE SEACH MANAGER var my_timestamp = ?? //FORM INPUTS var record = { "CustID": form_id, "CustName": form_name, "CustStreet": form_street, "CustCity": form_city, "CustState": form_state, "CustZip": form_zip, "time_stamp" : my_timestamp }; // Use the request method to send a REST POST request // to the storage/collections/data/{collection}/ endpoint service.request( "storage/collections/data/mycollection/", "POST", null, null, JSON.stringify(record), {"Content-Type": "application/json"}, null); }); ... View more

i created a search manager object and the search string is "search": "| stats count as timestamp | eval timestamp = now()" so looks like what you suggested. but how do i get the variable "timestamp" into the kvstore. my search manager looks like this /// get current timestamp EPOCH TIME var timestamp_search = new SearchManager({ "id": "timestamp_search", "status_buckets": 0, "latest_time": "$latest$", "search": "| stats count as timestamp | eval timestamp = now()", "earliest_time": "$earliest$", "cancelOnUnload": true, "app": utils.getCurrentApp(), "auto_cancel": 90, "preview": true, "runWhenTimeIsUndefined": false }, {tokens: true}); my kvstore dictionary looks like this var record = { "time_stamp": timestamp }; ... View more

thanks renjith for the response,however answer you gave i already. my problem is actually retrieving the search results and saving it into the KVStore In other words i want a timestamp to be automatically generated and stored in the KVStore each time a record is inserted. So the logic i could come up with is to get the timestamp using the search manager and save the results. I am able to get the timestamp from the search manager . However i dont know how to extract the results and save it in the KVstore. Any suggestions Thanks Sam ... View more

this is sorted. i removed the old certs and restarted it and that fixed it ... View more

Hi i've got a similar scenario where i am trying to store current timestamp (EPOCH) into a KVStore. however i cant seem to get it working.Some help will be appreciated // Create Search manger to get current timestamp EPOCH TIME var timestamp_search = new SearchManager({ "id": "timestamp_search", "status_buckets": 0, "latest_time": "$latest$", "search": "| stats count as timestamp | eval timestamp = now()", "earliest_time": "$earliest$", "cancelOnUnload": true, "app": utils.getCurrentApp(), "auto_cancel": 90, "preview": true, "runWhenTimeIsUndefined": false }, {tokens: true}); // retrieve data from search manager var timestamp_search_obj = timestamp_search.data("preview"); timestamp_search_obj.on("data", function() { var timestamp_search_result = timestamp_search_obj.data().rows; }); // Create a dictionary to store the field names and values var record = { "time-stamp": timestamp_search_result }; ... View more

Hi Mikaelbje, do you mind sharing the steps you took to recreate the ssl certificate ... View more

HI i am having the same issue. I am running Splunk enterprise 6.2.4 on Red Hat Enterprise Linux Server release 6.5 am trying to connect to an oracle 11.2.0.3.0 and i downloaded the Oracle Database 11g Release 2 (11.2.0.3) JDBC Drivers. Any inputs ?? ... View more

same issue on my end too. did any one manage to get a solution for this ?? ... View more