inputs.conf should contain something similar to the following:
[script://./bin/long_running.py]
interval = 1
sourcetype=long_running
With interval = 1, Splunk will try to launch the script every second, but will only
run one copy of the script at a time.
props.conf should then contain something like:
[long_running]
TIME_FORMAT = %Y-%m-%dT%H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 21
BREAK_ONLY_BEFORE = ^\d{4}-\d{1,2}-\d{1,2}T\d{1,2}:
This will create a long-running process that can do whatever is appropriate.
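As an added example (not code from the book), a Python sketch of what bin/long_running.py could write to standard output and of how the three props.conf settings above act on that output; the event fields, the continuation line and the sample lines are constructed for illustration:

```python
import re
import sys
from datetime import datetime

# Values copied from the props.conf stanza above.
TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"
MAX_TIMESTAMP_LOOKAHEAD = 21
BREAK_ONLY_BEFORE = re.compile(r"^\d{4}-\d{1,2}-\d{1,2}T\d{1,2}:")

def format_event(when, **fields):
    """Render one event with the timestamp first, inside the lookahead window."""
    return when.strftime(TIME_FORMAT) + "".join(f" {k}={v}" for k, v in fields.items())

def split_events(text):
    """Apply BREAK_ONLY_BEFORE: a new event starts only at a line matching the
    regex; any other line (a stack trace, a wrapped message) is appended to the
    event before it. Leading lines with no timestamp form one event."""
    events = []
    for line in text.splitlines():
        if BREAK_ONLY_BEFORE.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

def event_time(event):
    """Parse the timestamp Splunk would assign: TIME_FORMAT is tried within the
    first MAX_TIMESTAMP_LOOKAHEAD characters. Returns None where that fails."""
    stamp = event[:MAX_TIMESTAMP_LOOKAHEAD].split(" ", 1)[0]
    try:
        return datetime.strptime(stamp, TIME_FORMAT)
    except ValueError:
        return None

def emit(line, out=sys.stdout):
    """Write one event and flush, so a script that runs for a long time does not
    keep its output in a buffer until it exits."""
    out.write(line + "\n")
    out.flush()

# Constructed sample output: two events, the second followed by a continuation line.
SAMPLE = (
    "2012-08-25T20:17:54 user=user2 action=poll status=ok\n"
    "2012-08-25T20:17:55 user=user2 action=poll status=error\n"
    "  Traceback: connection refused\n"
)

if __name__ == "__main__":
    for ev in split_events(SAMPLE):
        emit(f"{event_time(ev).isoformat()} -> {ev.splitlines()[0]}")
```

The same split_events and event_time checks can be run over a file produced by the cron alternative described below, before pointing Splunk at it.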
Though it is convenient to have Splunk execute scripts for you
and capture the output, if the information you are capturing is
vital, it may be safer to simply schedule the script with cron,
direct its output to a file, and point Splunk at that file. This
allows you to use the file in other ways; you can capture both
standard output and errors, and the data will still be captured
if Splunk is down. The disadvantage, however, is that you
have to clean up those logs yourself.
Using Splunk from the command line
Almost everything that can be done via the web interface can also be accomplished
via the command line. For an overview, see the output of /opt/splunk/bin/splunk help.
For help on a specific command, use /opt/splunk/bin/splunk help [commandname].
The most common action to perform on the command line is search. For example,
have a look at the following code:
$ /opt/splunk/bin/splunk search 'foo'
2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
...