Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Checkpointing scripts for subsequent invocations

dveith
Explorer
‎04-06-2011 10:28 PM

I'm writing an Add-on script for the universal forwarder that will read several log files containing complex data and reformat the data so that Splunk can more easily parse it.

Does my script need to implement it's own logic for "where it left off last time it was invoked" or does Splunk help with that somehow?

In other words, is it possible to have 'monitor' functionality, but with my own custom script?

Thanks.

Tags (1)
0 Karma
Reply

dwaddle
SplunkTrust
SplunkTrust
‎04-07-2011 09:14 PM

If you script is being run as a scripted input, then you will need to maintain last-run state for yourself. Some of Splunk's own scripted inputs (like in the *nix app) do this as well - by keeping a file with an epoch time stored in it.

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...