Is there a way to run a script residing in a bin f...

dominiquevocat · ‎01-09-2017

Is there a way to run a script residing in one of the /bin folders of an app on a universal forwarder via a rest call with some parameters?

Security wise it would need to be only files in an app and not an arbitrary file on the target machine 🙂

renjith_nair · ‎01-09-2017

Try this. You might need to workaround a bit by combining different rest calls.

curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script/restart -d script=/Applications/splunk/bin/scripts/myScript.sh

Reference : http://docs.splunk.com/Documentation/Splunk/6.5.1/RESTREF/RESTinput#data.2Finputs.2Fscript.2Frestart

Happy Splunking!

dominiquevocat · ‎01-10-2017

Hm, i seem to bale to include a script in /bin of an app and define it as input and launch it remotely using

curl -u admin:changeme https://localhost:8089/servicesNS/nobody
/myApp/data/inputs/script/.%5Cbin%5Cmyscript.cmd -k

So that is part of the way. I would like to pass some parameter.

Also the interval poses a problem. I for now user interval = -1 but i am not sure of i can set an interval of 0 for "never"...

renjith_nair · ‎01-10-2017

Interval 0 makes the script run continuously.

You might need to set disabled=1 if you don't want splunk to run the script OR set interval to a very high value OR set a cron schedule in the interval so that you can control the execution

Happy Splunking!

Is there a way to run a script residing in a bin folder of an app located on the universal forwarder via a rest call?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms