- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Question on shell script for linux
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi i am new to splunk and recently just setup a forwarder (Ubuntu system) and a indexer (Window 7).
Would like to use shell script to forward data to indexer but not too sure how i should code the shell script for it to work. For example if i wan to forward info on (ls -l $Home) how should i put it in the script for splunk to read it?
the ls -l $Home should display something like:
drwxr-xr-x 2 test test 4096 Sep 16 17:47 Desktop
drwxr-xr-x 2 test test 4096 Sep 14 16:11 Documents
drwxr-xr-x 2 test test 4096 Sep 14 18:02 Downloads
i tried creating a test.sh with content (ls -l $Home) to test but it does not work.
Really hope someone would give me an example on this thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
You can write anything in the shell script. Just remember to make it executable and then use "scripted-inputs" method of data input to call that script.
Check out http://docs.splunk.com/Documentation/Splunk/latest/Data/Setupcustominputs#Add_a_scripted_input_via_i... for more details.
Regards,
Amit Saxena
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks it works after changing the script to executable
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
You can write anything in the shell script. Just remember to make it executable and then use "scripted-inputs" method of data input to call that script.
Check out http://docs.splunk.com/Documentation/Splunk/latest/Data/Setupcustominputs#Add_a_scripted_input_via_i... for more details.
Regards,
Amit Saxena
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks it works after changing the script to executable
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Make the shell script executable, chmod a+x tesh.sh then configure it in inputs.conf. It works.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And also, that may not be the first task you wish to try if you're just starting out. Try monitoring /var/log/messages or some similar log file, which a) has chronological timestamps and b) gets updated fairly often.
/K
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you configured inputs.conf to run the script?
Join Us for Splunk University and Get Your Bootcamp Game On!
.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!
Announcing Scheduled Export GA for Dashboard Studio
