Re: howto? selfmade script output on windows send ...

jan_wohlers · ‎06-21-2012

Dear Splunkers,

I'm running my indexer on a redhat machine. On a Windows machine in our environment I'm going to run daily scripts. For testing purposes splunk was also installed on that windowsmachine. How can I forward the output of the selfmade scipts to my indexer?

Sounds like I have no idea splunk works 🐵 and... yes... sometimes thats right! 🙂

Thanks for help!

/Jan

Ayn · ‎06-27-2012

You need a scripted input. With this, Splunk executes the script you specify (it can be any kind of script as long as the system supports running it), and reads/indexes the output the script produces. This docs section has more info: http://docs.splunk.com/Documentation/Splunk/5.0/AdvancedDev/ScriptedInputsIntro

Ayn · ‎06-27-2012

The forwarder will forward the events it receives to the indexer, so the output from your script that is executed on Server_1 will end up on your indexer just like any other logs.

jan_wohlers · ‎06-27-2012

The Problem is that I need to run these scripts on Server_1. On Server_1the forwarder is installed. Now I try to forward the output of the script from Server_1 to my indexer (Server_Index). I can't figure out how this will work?

The link above is as far as i can see for scripts running ob the same server where the indexer is installed.

Anyone a idea?

jan_wohlers · ‎06-27-2012

nobody a clue?

That shouldnt be too hard. but I also did not find a way... 😞

howto? selfmade script output on windows send to linux indexer

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases