You define both the behavior and endpoints for a script in an XML scheme that the script returns to splunkd.ĭuring introspection, splunkd reads the scheme to implement your script as a modular input. See Tips for writing scripts for modular and scripted inputs in Splunk Cloud Platform or Splunk Enterprise on the Splunk developer portal for tips and best practices for writing scripts. Twitter example Amazon S3 example General tips on writing scripts See Modular Inputs examples for listings and descriptions of Modular Inputs example scripts. The following type of executable files are recognized for introspection:įilename (executable file without an extension) Executable files recognized for introspection Only use a platform-specific directory if required for that architecture. Note: Always have a platform-neutral version of the script in the default bin directory. Otherwise, a platform-neutral version of the script runs in the default bin directory.
If you place a script in an architecture-specific directory, the script runs the appropriate version of the script if installed on that platform. The following bin directories, relative to $SPLUNK_HOME/etc, are available for the corresponding Intel architectures: The architecture-specific directories are all Intel-based. Architecture-specific version directories are only available for the following subset of architectures that Splunk Enterprise supports. However, you can provide an architecture-specific version of a modular input script by placing the appropriate version of the script in the corresponding architecture-specific bin directory in your Splunk Enterprise installation. Typically, you use the default bin directory for scripts: Stream data as text or as XML, using checkpoints (scenario 3)
#SPLUNK INPUTS.CONF EXAMPLES CODE#
If validation fails, exit writing error code to stdout Implement -validate-arguments arg to validate configuration (scenario 2) Implement routines to validate configuration Implement -scheme arg to print the scheme to stdout (scenario 1) This also assumes that you are checkpointing data to avoid reading from the same source twice, as described in Data checkpoints. This example assumes that there is a valid spec file, as described in Modular inputs spec file. The following pseudo-code describes the behavior of a modular input script. The data can be streamed as plain text or as XML, as described in Set up streaming. The script streams event data that can be indexed. The script has routines to validate its configuration, as described in Set up external validation. Splunkd runs the script to determine the behavior and configuration. The introspection scheme defines the behavior and endpoints of the script, as described in Define a scheme for introspection. Returns the introspection scheme to splunkd.Other features regarding creating modular inputs, listed below, are covered elsewhere in this manual:Ī script that implements modular inputs runs in three scenarios: It also covers overriding default modular input script run behavior for *nix and Windows. This topic provides details on creating a modular input script, defining an introspection scheme, and the impact of enabling, disabling, and updating modular input scripts.
0 kommentar(er)
