How to show output of script to Splunk without ind...

sieutruc · ‎11-02-2012

Hello Splunkers,

I have a script that outputs data in tabular form to console.

For exp:

machine state

A ON

B OFF

After that, i get this ouput via python by using:

output=subprocess.check_output("memory.bat", shell=True)

I wrote a function named showoutput.py like search command.
My question is how to show that output above in Splunk without indexing it via a search like:

| script python showoutput memory.bat

In my company, there are a lot of machine, the importance is to catch all their current states in real time. The historic data is already resolved with another tool.

MHibbin · ‎11-02-2012

You could set it up as a custom command, that doesn't actually work like the typical custom command.

For example you could create a generic search on "*" and a small time range. Then pipe to your new custom command which runs your script in the background, but it will display the output as results (i.e. anything written to STDOUT).

Quite easy to set a command up, just use the following:

http://docs.splunk.com/Documentation/Splunk/5.0/Search/AddthecustomcommandtoSplunk

Think that is probably the easiest way to just simply plug your script into Splunk. You could probably do a scripted lookup, but that might require you changing the script.

How to show output of script to Splunk without indexing it

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases