There are 9 parameters that are passed to the shell script from Splunk, with one being unused. Is it possible to use that 7th (deprecated) variable to pass a field like ServerName or some such?
(http://www.splunk.com/base/Documentation/latest/Admin/Configurescriptedalerts)
Right now we have a global scheduled search across servers to trigger an SNMP trap ... it would be nice to be able to pass a specific server name along with the other information currently sent.
This can be done if an individual report is created for each server, but that would be tedious.
Thoughts?
~jt
You can read the Splunk_Arg_8 parameter passed, parse the contents of the file for ServerName and use that.
If you do not have a program for converting GZ to CSV, Splunk includes a command-line converter called minigzip.exe in %SPLUNK_HOME%\bin.
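The approach in the answer above, as an added example that is not part of the original post or Splunk's own code: it reads the gzipped CSV results file named by the 8th argument, collects the `ServerName` values, and validates each one before it is handed to a trap command. The `ServerName` column name comes from the question; `send_trap` is a hypothetical command name and the sample rows are constructed.

```python
import csv
import gzip
import os
import re
import sys
import tempfile

FIELD = "ServerName"  # assumption: field name taken from the question
# Leading character must be alphanumeric so a value can never look like an option.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,252}")


def server_names(results_path, field=FIELD):
    """Unique, validated values of `field` from the gzipped CSV results file."""
    names = []
    with gzip.open(results_path, "rt", newline="", encoding="utf-8") as fh:
        for row in csv.DictReader(fh):
            value = (row.get(field) or "").strip()
            # Search results are untrusted input: drop anything that is not
            # a plain host name before it reaches another program.
            if HOSTNAME_RE.fullmatch(value) and value not in names:
                names.append(value)
    return names


def trap_argv(name):
    """argv list for a hypothetical trap sender; meant to be run without a shell."""
    return ["send_trap", "--server", name]


def demo():
    """Run the parser over a constructed results file (not real Splunk output)."""
    rows = ("ServerName,count\nweb01.example.com,3\ndb-02,1\n"
            "web01.example.com,2\n-x,1\n\"bad host;\",1\n")
    fd, path = tempfile.mkstemp(suffix=".csv.gz")
    os.close(fd)
    try:
        with gzip.open(path, "wt", newline="", encoding="utf-8") as fh:
            fh.write(rows)
        return server_names(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    # Splunk passes the results file path as the 8th argument.
    path = sys.argv[8] if len(sys.argv) > 8 else None
    for name in (server_names(path) if path else demo()):
        print(trap_argv(name))
```

Passing the list from `trap_argv` to `subprocess.run` without `shell=True` keeps a field value from the search results from being interpreted by a shell.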