But it is not a "personal decision". The "scripted input" means, UF will not be monitoring the files by itself -- it will rely on the periodically spawn script to look for them, and process anything discovered. Or am I mistaken? And, if it is invoked periodically -- rather than once for each core -- then the script must process all cores discovered, in one go... And keep track. Yes, I know, how to keep track of files, but UF already has this tracking implemented -- for the ordinary logs (Splunk's bread and butter), it keeps track not only of each file, but of the position within each file. I'd much rather rely on that mechanism, than reimplement it... The scripted input solution will use the custom script to both, detect core-dumps and process them. I'd much prefer to have to implement only the latter part -- the processing, not the detection... So, can something like the below be added as an input: [monitor:///my/application/directory/core.*]
disabled=0
source_type=coredump
process_with=/my/scripts/core2json It is the last line of the hypothetical input, that I'm inquiring about... Can I ask UF to invoke a program instead of attempting to parse the file on its own? The UF will not need to know, what the script did. It just need to keep track of for which files the script has been invoked already -- and whether the invocation has been successful (exited with code 0). (For some reason, I cannot even find the full reference of the inputs.conf syntax 😞 Only examples -- but not the full list of available verbs...)
... View more