Splunk Command Modular Input v1.3.2

by www.baboonbones.com

April 2019

Overview

This is a Splunk Modular Input for executing commands and indexing the output.

It is quite simply just a wrapper around whatever system commands/programs that you want to periodically execute and capture the output from ie: (top, ps, iostat, tshark, tcpdump etc...). It will work on all supported Splunk platforms.

Dependencies

Setup

Activation Key

You require an activation key to use this App. Visit http://www.baboonbones.com/#activation to obtain a non-expiring key

Custom Output Handlers

You can provide your own custom Output Handler. This is a Python class that you should add to the command_ta/bin/outputhandlers.py module.

You can then declare this class name and any parameters in the Command Input setup page.

Streaming vs Non Streaming Command Output

Some commands will keep STD OUT open and stream results.For these scenarios ensure you check the "streaming output" option on the setup page.

Environment variables

Environnment variables in the format $VARIABLE$ can be included in the command name and command arguments and they will be dynamically substituted ie: $SPLUNK_HOME$

Logging

Any modular input errors will get written to $SPLUNK_HOME/var/log/splunk/splunkd.log.

These are also searchable in Splunk : index=_internal error command.py

Troubleshooting