I currently have a Python script calling an API and returning the results to Splunk. I can use the |script
command in Splunk and the Python script works as expected. I have a dashboard built on the underlying data, which is pretty small in volume.
Is there a way to schedule this script to be called within Splunk? Is the saved search the best way to go about calling the |script
command?
You could turn your script into a scripted input, and run that on a schedule either by interval or cron.
Hey. How did you return the results of the script to Splunk?
You could turn your script into a scripted input, and run that on a schedule either by interval or cron.
Search for index=_internal jira_wrapper_script
to find infos about the script running.
For a simplified example, try something like this:
test.sh (set x bit with chmod!):
#!/bin/sh
echo Hello
inputs.conf
[script://./bin/test.sh]
interval, index, etc.
This should send an event containing just the word Hello to the index, sourcetype, etc. you specified in the inputs.conf.
Hmmm, it seems my scripting skills are below par. I set up the monitoring of the python script directly through the UI and it worked flawlessly. Shell script didn't turn out as well.
Turns out there was some issue with the actual sh file. The below shell script worked for anyone stumbling upon this page.
shell script
#!/bin/bash
python "C:/Program Files/Splunk/etc/apps/my_app_name/bin/jira_rest_api.py"
Martin - thank you for your help.
That's the easiest approach, yes.
http://docs.splunk.com/Documentation/Splunk/6.4.0/AdvancedDev/ScriptSetup
I tried going down the path of scripted inputs, to pretty bad results. I added the .sh script to inputs.conf, but there is no reference to the script anywhere in the logs. Is there a way to check if the script is being triggered at all?
[script://$SPLUNK_HOME/etc/apps/my_app/bin/jira_wrapper_script.sh]
disabled = false # change to false to start the input, requires restart
host = local
index = jira_test
interval = 240
source = http-simple
sourcetype = jira
[script://$SPLUNK_HOME/etc/apps/my_app/bin/jira_rest_api.py]
disabled = false # change to false to start the input, requires restart
host = local
index = jira_test
interval = 240
source = http-simple
sourcetype = jira
I am not surprised that the shell script may not work, since I have never written one before. I did expect to see error messages somewhere.
Do I need to create a .sh file that calls the .py file?