Re: manually run a scripted input?

jeff · ‎12-14-2012

I have a scripted input in Splunk that sends it's data to Splunk via STDOUT. Is there any way to run the script on-demand and have the results sent to Splunk without restarting Splunk? Something like a "oneshot" cli method, but for scripted inputs, not for files.

jkat54 · ‎07-17-2019

You can do this, but splunk wont index the data necessarily: ./splunk cmd /opt/splunk/etc/apps/yourapp/bin/script.sh

You will see STDOUT/ERR from your script though

tomasmoser · ‎05-18-2017

You can disable and again enable scripted input. This will make it run. It worked for me.

itinney · ‎12-14-2012

If you write the output to a file in a sinkhole like, .../var/spool/splunk, then Splunk will consume it.
If you need the sourcetype to be the same as when it runs as a script then create a different sinkhole and specify the sourcetype

yannK · ‎12-14-2012

or same idea with saving the result of the script to a file and monitor the file with the correct sourcetype.

then you will have to clean the result file once a while.

alacercogitatus · ‎12-14-2012

What OS are you running?

manually run a scripted input?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases