This is a Splunk Modular Input for executing commands and indexing the output.
It is simply a wrapper around whatever system commands or programs you want to execute periodically and capture the output from, e.g. top, ps, iostat, tshark, tcpdump. It will work on all supported Splunk platforms.
Use Settings -> Data Inputs -> Command to add a new Input stanza via the UI.
The inputs.conf file should be placed in a local directory under an App or User context.
You require an activation key to use this App. Visit http://www.baboonbones.com/#activation to obtain a non-expiring key.
You can provide your own custom Output Handler. This is a Python class that you should add to the command_ta/bin/outputhandlers.py module.
You can then declare this class name and any parameters in the Command Input setup page.
Some commands will keep STDOUT open and stream results. For these scenarios, ensure you check the "streaming output" option on the setup page.
Environment variables in the format $VARIABLE$ can be included in the command name and command arguments, and they will be dynamically substituted, e.g. $SPLUNK_HOME$.
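The following is an added illustration of $VARIABLE$ substitution, not the app's own code. It splits the argument string before expanding tokens, so a variable value containing spaces or shell metacharacters remains a single argument. The function names `expand` and `build_argv`, the sample values, and the choice to reject undefined variables are assumptions.

```python
import re
import shlex

# Matches the $VARIABLE$ token format described above.
TOKEN = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)\$")


def expand(text, env):
    """Replace each $NAME$ token with env[NAME].

    Assumption: an undefined name is an error rather than an empty string,
    so a missing variable cannot silently change the command that runs.
    """
    def repl(match):
        name = match.group(1)
        if name not in env:
            raise KeyError("undefined variable: " + name)
        return env[name]
    return TOKEN.sub(repl, text)


def build_argv(command_name, command_args, env):
    """Build an argument vector suitable for subprocess.run(argv), no shell.

    The argument string is tokenised first and each token expanded
    afterwards, so an expanded value is never re-split or re-parsed.
    """
    argv = [expand(command_name, env)]
    argv += [expand(arg, env) for arg in shlex.split(command_args)]
    return argv


# Constructed sample environment; the second value deliberately contains
# a space and a semicolon to show that it stays one inert argument.
SAMPLE_ENV = {
    "SPLUNK_HOME": "/opt/splunk",
    "LOG_DIR": "/data/app logs;old",
}


def demo():
    return build_argv("ls", "-l $SPLUNK_HOME$/var/log/splunk $LOG_DIR$", SAMPLE_ENV)


if __name__ == "__main__":
    print(demo())
```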
Any modular input errors will get written to $SPLUNK_HOME/var/log/splunk/splunkd.log.
These are also searchable in Splunk:
index=_internal error command.py