Is there a way to run a script residing in one of the /bin folders of an app on a universal forwarder via a rest call with some parameters?
Security wise it would need to be only files in an app and not an arbitrary file on the target machine 🙂
Try this. You might need to workaround a bit by combining different rest calls.
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script/restart -d script=/Applications/splunk/bin/scripts/myScript.sh
Reference : http://docs.splunk.com/Documentation/Splunk/6.5.1/RESTREF/RESTinput#data.2Finputs.2Fscript.2Frestart
Hm, i seem to bale to include a script in /bin of an app and define it as input and launch it remotely using
curl -u admin:changeme https://localhost:8089/servicesNS/nobody
/myApp/data/inputs/script/.%5Cbin%5Cmyscript.cmd -k
So that is part of the way. I would like to pass some parameter.
Also the interval poses a problem. I for now user interval = -1 but i am not sure of i can set an interval of 0 for "never"...
Interval 0 makes the script run continuously.
You might need to set disabled=1 if you don't want splunk to run the script OR set interval to a very high value OR set a cron schedule in the interval so that you can control the execution