Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to run batch file in splunk ?

shannu1241
New Member
‎06-04-2015 04:50 PM

I have a batch file named "testbatch.bat" and its content are as follows:

@echo off
@echo This is a test> test.txt
@echo 123>> test.txt
@echo 245.67>> test.txt

I have kept this under $SPLUNK_HOME\etc\system\bin

and changed the inputs.conf file to :

[script://$SPLUNK_HOME\etc\system\bin\testbatch.bat]
disabled = 0
index = main

[monitor://$SPLUNK_HOME\etc\system\bin\test.txt]
disabled = 0
index = main

But i dont see any data being indexed to main. I also cannot see "test.txt" being created under \etc\system\bin i.e batch file is not being executed,

Can the splunk experts help me out !!! My requirement is to run a batch file every 1 minute and index the output to main indexer.

Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎06-04-2015 08:18 PM

Hi shaunnu1241,

I tested it with this script in $SPLUNK_HOME\bin\scripts

foo.bat
    echo This is a test > "C:\Program Files\Splunk\var\log\splunk\test.txt"
    echo 123 >> "C:\Program Files\Splunk\var\log\splunk\test.txt"
    echo 245.67 >> "C:\Program Files\Splunk\var\log\splunk\test.txt"

and it works by running it like C:\Program Files\Splunk\bin>splunk.exe cmd scripts\foo.bat the result in "C:\Program Files\Splunk\var\log\splunk\test.txt" looks like this:

This is a test 
123 
245.67

Using it as scripted input running each 60 seconds works as well if using this inputs.conf

[script://$SPLUNK_HOME\bin\scripts\foo.bat]
disabled = false
interval = 10
sourcetype = foo

cheers, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
Legend
‎06-04-2015 08:18 PM

Hi shaunnu1241,

I tested it with this script in $SPLUNK_HOME\bin\scripts

foo.bat
    echo This is a test > "C:\Program Files\Splunk\var\log\splunk\test.txt"
    echo 123 >> "C:\Program Files\Splunk\var\log\splunk\test.txt"
    echo 245.67 >> "C:\Program Files\Splunk\var\log\splunk\test.txt"

and it works by running it like C:\Program Files\Splunk\bin>splunk.exe cmd scripts\foo.bat the result in "C:\Program Files\Splunk\var\log\splunk\test.txt" looks like this:

This is a test 
123 
245.67

Using it as scripted input running each 60 seconds works as well if using this inputs.conf

[script://$SPLUNK_HOME\bin\scripts\foo.bat]
disabled = false
interval = 10
sourcetype = foo

cheers, MuS

Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 06:49 PM

Your inputs.conf is missing an interval to run the script:

interval = [<number>|<cron schedule>]
* How often to execute the specified command (in seconds), or a valid cron schedule. 
* NOTE: when a cron schedule is specified, the script is not executed on start-up.
* If specified as a number, may have a fractional component; e.g., 3.14
* Splunk's cron implementation does not currently support names of months/days.
* Defaults to 60.0 seconds.
* The special value 0 will force this scripted input to be executed non-stop; that is, as soon as script exits, we shall re-start it.
0 Karma
Reply
Solved! Jump to solution

shannu1241
New Member
‎06-04-2015 06:52 PM

i added and tried with interval = 60 but didnt work.

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 06:56 PM

Also, take a look at $SPLUNK_HOME\var\log\splunk\splunkd.log, it should tell you if the script is executing or not. Also run $SPLUNK_HOME\bin\splunk cmd btool inputs list to see if you can find your script listed, as this will indicate if the configuration is correct.

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 07:01 PM

Another hint, place your script into $SPLUNK_HOME/bin/scripts and try to run it like $SPLUNK_HOME/bin/splunk cmd yourscript.bat

Reply
Solved! Jump to solution

shannu1241
New Member
‎06-04-2015 07:12 PM

I have placed my script under $SPLUNK_HOME/bin/scripts but how to run it..? Can you elaborate pls.

Do i need to change anything in inputs.conf file??

Pls help me.. i am new to splunk..

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 07:13 PM

cd $SPLUNK_HOME/bin/scripts
$SPLUNK_HOME/bin/splunk cmd yourscript.bat

0 Karma
Reply
Solved! Jump to solution

shannu1241
New Member
‎06-04-2015 07:15 PM

i need that script to be run every 1 minutes automatically, how can i achieve that?

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 07:18 PM

like I said before, add interval = 60 to your inputs.conf or configure it in the UI http://docs.splunk.com/Documentation/Splunk/6.2.3/Data/Scripts

0 Karma
Reply
Solved! Jump to solution

shannu1241
New Member
‎06-04-2015 07:22 PM

tried .. but same result..

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎06-04-2015 07:28 PM

is your script running at all if you do this $SPLUNK_HOME/bin/splunk cmd yourscript.bat in the directory where the script is? I must admit, I have no Windows Splunk handy and cannot test anything.

0 Karma
Reply
Solved! Jump to solution

shannu1241
New Member
‎06-04-2015 07:36 PM

when i double click on bat file its running.

But when i use cmd prompt to run :

c:\Program Files\Splunk\bin>splunk cmd test1.bat

its not showing anything.. my doubt is if the script is in scripts how will it run from bin??

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...