Getting Data In

Adding text file into splunk

prathapkcsc
Explorer

I have a script containing ip and value.
Sh basic.sh>>sample.out
Know to get the logs i need to add this sample.out file to splunk like
/opt/splunkforwarder/bin/splunk add monitor sample.out.
Then i the files will comes into splunk..
But the problem is i want that script to be run everyone one hour..everytime adding that output file to splunk is not a good idea..Is there any way to schedule automatically or monitor that output file all the time...
Can anyone help me...

Thank you

0 Karma
1 Solution

sduff_splunk
Splunk Employee
Splunk Employee

Add the following to etc\system\local\inputs.conf

[monitor://path/to/your/file/outfile]
index=main

Refer to http://docs.splunk.com/Documentation/Splunk/6.5.3/Admin/Inputsconf and http://docs.splunk.com/Documentation/Splunk/6.5.3/Data/WhatSplunkcanmonitor.

View solution in original post

0 Karma

sduff_splunk
Splunk Employee
Splunk Employee

Add the following to etc\system\local\inputs.conf

[monitor://path/to/your/file/outfile]
index=main

Refer to http://docs.splunk.com/Documentation/Splunk/6.5.3/Admin/Inputsconf and http://docs.splunk.com/Documentation/Splunk/6.5.3/Data/WhatSplunkcanmonitor.

0 Karma

prathapkcsc
Explorer

[monitor://$SPLUNK_HOME/var/log/splunk/outputfile]
index=my_log_index_name

Thats it right??

0 Karma

DalJeanis
SplunkTrust
SplunkTrust

Are you saying you want to add it once, and never again?

Or are you saying you want the new data to be loaded every hour when it runs?

0 Karma

prathapkcsc
Explorer

Yes..I want to add that script output file sample.out once to the splunk path...
I want to avoid this thing
"/opt/splunkforwarder/bin/splunk add monitor sample.out"..
Splunk has to monitor changes in that outfile automatically

0 Karma

sduff_splunk
Splunk Employee
Splunk Employee

Splunk will automatically monitor changes in that outfile automatically!

You can either append data to the file, or create a new file each time, but Splunk will get updates made to it. You just need to use a monitor clause that you've already done with that add monitor command (check etc\system\local\inputs.conf, it should be listed there).

prathapkcsc
Explorer

[monitor://$SPLUNK_HOME/var/log/splunk]

this one right?

0 Karma

prathapkcsc
Explorer

if i place my output file inside this path SPLUNK_HOME/var/log/splunk...
wiill it detect the changes automatically?

0 Karma

dflodstrom
Builder

You can run this script as a scripted input that kicks off on a given cron schedule. Or, if you've scheduled this script to run locally and write to sample.out as you indicated you can have Splunk read sample.out using a monitor input stanza.

Getting Data Into Splunk

Monitoring Files and Directories

0 Karma

prathapkcsc
Explorer

"/opt/splunkforwarder/bin/splunk add monitor filename"
i want to avoid this above thing everytime.
can you give me the correct solution
Thank you

0 Karma

prathapkcsc
Explorer

[monitor://$SPLUNK_HOME/var/log/splunk]

can i add that output file to this path..

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...