All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Run script without sending to index

Dpeedahnb
Explorer
‎06-29-2020 02:13 AM

I wish to run a python script that updates files within a monitoring directory, without directly sending any files to the index. All the examples I’ve seen have people running a script and sending logs to their index.

Would removing the sourcetype/ index fields make it act the way I want? Or will it behave the way I want as long as I’m not sending logs within the script. Sorry for any confusion.

1
2
3
4
5
[script://./bin/TA-SimpleApp.py]
interval = 10
sourcetype = my_sourcetype
disabled = False
index = main
 
Labels (2)
0 Karma
Reply

livehybrid
Builder
‎07-09-2020 02:01 AM

You could drop all data from your custom sourcetype into the nullQueue so that it doesnt reach the indexing queue. The below should help:

props.conf

[my_sourcetype]
TRANSFORMS-ignore = null_queue


transforms.conf

[nullqueue]
REGEX = .
DEST = queue
FORMAT = nullQueue
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...