Scripts as inputs
Splunk will periodically execute processes and capture the output. For example, here
is input from the ImplementingSplunkDataGenerator app:
[script://./bin/implSplunkGen.py 2]
interval=60
sourcetype=impl_splunk_gen_sourcetype2
source=impl_splunk_gen_src2
host=host2
index=implSplunk
Things to notice in this example are as follows:
• The present working directory is the root of the app that contains
inputs.conf.
• Files that end with .py will be executed using the Python interpreter
included with Splunk. This means the Splunk Python modules are available.
To use a different Python module, specify the path to Python in the stanza.
• Any arguments specified in the stanza will be handed to the script as if
executed at the command line.
• interval specifies how often this script should be run, in seconds.
° If the script is still running, it will not be launched again.
° Long-running scripts are fine. Since only one copy of a script will
run at a time, the interval will instead indicate how often to check
whether the script is still running.
° This value can also be specified in cron format.
• Any programming language can be used, as long as it can be executed at
the command line. Splunk simply captures the standard output from whatever
is executed.
Included with Splunk for Windows are scripts for querying WMI. One sample
stanza looks like this:
[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
Things to note are:
• Windows paths require backslashes instead of slashes.
• $SPLUNK_HOME will expand properly.
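Because every script:// stanza is a command Splunk runs on a schedule, it is worth listing them when reviewing an app. The following is an added example, not code from the book or from Splunk: it parses inputs.conf text and reports, for each scripted input, the script, its arguments, whether the bundled Python will run it, and which of the two interval forms described above is in use. The nightly.sh and broken.py stanzas and the simplified cron pattern are assumptions made for the illustration.

```python
import configparser
import re

# Constructed sample: the page's two stanzas plus two hypothetical ones.
SAMPLE = r"""
[script://./bin/implSplunkGen.py 2]
interval=60
sourcetype=impl_splunk_gen_sourcetype2
source=impl_splunk_gen_src2
host=host2
index=implSplunk

[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]

[script://./bin/nightly.sh]
interval=*/5 * * * *

[script://./bin/broken.py]
interval=every minute
"""

# Simplified assumption: five whitespace-separated cron fields.
CRON = re.compile(r"^([\d*/,\-]+\s+){4}[\d*/,\-]+$")

def interval_kind(value):
    """Classify an interval as one of the two forms the page describes."""
    if value is None:
        return "unset"
    value = value.strip()
    if value.isdigit():
        return "seconds"
    return "cron" if CRON.match(value) else "unrecognized"

def audit_script_inputs(conf_text):
    """List every script:// stanza with what will run and how often."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("script://"):
            continue
        script, *args = section[len("script://"):].split()
        findings.append({
            "script": script,
            "args": args,  # handed to the script as on the command line
            "splunk_python": script.endswith(".py"),
            "windows_path": "\\" in script,
            "interval": interval_kind(cp.get(section, "interval", fallback=None)),
        })
    return findings
```

Relative paths such as ./bin/implSplunkGen.py resolve against the root of the app that contains inputs.conf, so run the audit per app and read each result in that context.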