Why am I getting error "Could not find script on deployment client" trying to add a local script on the universal forwarder from the deployment server?

thejohn
Path Finder

How do I add a local script on the forwarder from the deployment server?
I've put the script on the Universal forwarder in $SPLUNK_HOME\bin\scripts\ and tried to configure it on the server like so:

Add Data -> Select Forwarder -> Source: Scripts -> Command: $SPLUNK_HOME\bin\scripts\scan.bat

and on the last step, submit, it says Could not find file $SPLUNK_HOMEbinscriptsscan.bat.
It seems like you can't specify scripts local to the UF? Only scripts on the server? Is this right or am I doing something wrong?

Also, I know I can configure this in inputs.conf on the UF, but it would be much better to do this from the Splunk Web UI than to RDP to the UF each time I need to add a script.

0 Karma
1 Solution

martin_mueller
SplunkTrust

You can specify a script local to the UF in inputs.conf of a deployment app. While the UI may not allow this, you certainly can add a script://... entry on the Deployment Server directly and deploy that out to the UF.
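
The approach described in the answer above, written out as an added example that is not part of the original thread: a deployment app on the Deployment Server whose inputs.conf carries the script:// stanza, and the serverclass.conf entries that map the app to the forwarder. The app name `uf_scan_script`, the server class `windows_scan_hosts`, the host pattern, and the interval, sourcetype and index values are assumptions.

```ini
# --- On the Deployment Server ---
# File: $SPLUNK_HOME/etc/deployment-apps/uf_scan_script/local/inputs.conf
# (app name "uf_scan_script" is hypothetical)

# Scripted input that runs the copy of scan.bat already placed on the UF.
# Splunk only runs scripted inputs located in $SPLUNK_HOME/etc/system/bin,
# $SPLUNK_HOME/etc/apps/<app>/bin, or $SPLUNK_HOME/bin/scripts.
[script://$SPLUNK_HOME\bin\scripts\scan.bat]
# Run once an hour (assumed value, in seconds)
interval = 3600
# Assumed sourcetype and index; adjust to your environment
sourcetype = scan_output
index = main
disabled = 0

# File: $SPLUNK_HOME/etc/system/local/serverclass.conf
# (server class name and host pattern are hypothetical)
[serverClass:windows_scan_hosts]
# Limit the class to the forwarders that should run the script
whitelist.0 = winhost-*

[serverClass:windows_scan_hosts:app:uf_scan_script]
stateOnClient = enabled
# Restart the forwarder so the new scripted input is picked up
restartSplunkd = true
```

Running `splunk reload deploy-server` on the Deployment Server makes it re-read the server classes. Anything deployed this way executes on every forwarder that matches the whitelist, so keep the match as narrow as the task allows.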

martin_mueller
SplunkTrust

Feel free to submit a case to support requesting this feature.

0 Karma

thejohn
Path Finder

Oh OK, that might work. But it's a shame this can't be done in the UI. You can monitor files and directories from the UI, local to forwarders, so I think you should be able to run local scripts too.

0 Karma