A scripted input in Splunk is simply a process that outputs text. Splunk will run the script periodically, as configured in inputs.conf. Let's make a simple example.
The configuration inputs.conf inside your app would contain an entry as follows:
[script://./bin/user_count.sh]
interval = 60
sourcetype = user_count
The script in bin/user_count.sh could contain something as follows:
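#!/bin/sh
# Timestamp that starts the event line
DATE=$(date "+%Y-%m-%d %H:%M:%S")
# Number of lines in /etc/passwd, formatted as a key=value pair
COUNT=$(wc -l /etc/passwd | awk '{print "users="$1}')
echo "$DATE $COUNT"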
This would produce an output such as this:
2012-10-15 19:57:02 users=84
Good examples of this type of script can be found in the Unix app, available at https://splunkbase.splunk.com.
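The same pattern extends to several fields per event. The script below is an added example, not code from the original page or from the Unix app: it emits one timestamped key=value line with the account count, the number of UID 0 accounts and the number of accounts with a login shell. The function name account_stats, the PASSWD_FILE variable and the field names uid0 and login_shells are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: scripted input reporting account statistics as key=value
# pairs. account_stats, PASSWD_FILE, uid0 and login_shells are hypothetical
# names chosen for this illustration.

# account_stats FILE: print one timestamped key=value event on stdout.
account_stats() {
    file=$1
    if [ ! -r "$file" ]; then
        # Diagnostics go to stderr so they never end up in the event text.
        echo "account_stats: cannot read $file" >&2
        return 1
    fi
    ts=$(date "+%Y-%m-%d %H:%M:%S")
    # Skip blank lines and comments, then count all accounts, accounts
    # with UID 0, and accounts whose shell is not nologin or false.
    stats=$(awk -F: '
        /^[ \t]*(#|$)/ { next }
        { users++ }
        $3 == 0 { uid0++ }
        $7 !~ /(nologin|false)$/ { shells++ }
        END { printf "users=%d uid0=%d login_shells=%d", users, uid0, shells }
    ' "$file")
    echo "$ts $stats"
}

# Emit one event per run; the interval in inputs.conf decides how often.
account_stats "${PASSWD_FILE:-/etc/passwd}"
```

An alert on uid0 rising above 1, or on login_shells changing between runs, turns this input into a simple account-tampering check.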
Please note that:
- An interval can ...