Dear Splunkers,
I'm running my indexer on a redhat machine. On a Windows machine in our environment I'm going to run daily scripts. For testing purposes splunk was also installed on that windowsmachine. How can I forward the output of the selfmade scipts to my indexer?
Sounds like I have no idea splunk works 🐵 and... yes... sometimes thats right! 🙂
Thanks for help!
/Jan
You need a scripted input. With this, Splunk executes the script you specify (it can be any kind of script as long as the system supports running it), and reads/indexes the output the script produces. This docs section has more info: http://docs.splunk.com/Documentation/Splunk/5.0/AdvancedDev/ScriptedInputsIntro
The forwarder will forward the events it receives to the indexer, so the output from your script that is executed on Server_1 will end up on your indexer just like any other logs.
The Problem is that I need to run these scripts on Server_1. On Server_1the forwarder is installed. Now I try to forward the output of the script from Server_1 to my indexer (Server_Index). I can't figure out how this will work?
The link above is as far as i can see for scripts running ob the same server where the indexer is installed.
Anyone a idea?
nobody a clue?
That shouldnt be too hard. but I also did not find a way... 😞