Data
Reader small image

You're reading from  Splunk Operational Intelligence Cookbook - Second Edition

Product typeBook
Published inJun 2016
Publisher
ISBN-139781785284991
Edition2nd Edition
Tools
Splunk
Concepts
Operational Intelligence
Right arrow
Authors (4):
Jose E. Hernandez
Jose E. Hernandez
author image
Jose E. Hernandez

Jose Hernandez is currently the Director of Security Solutions at Zenege Inc. with a vast experience in security analytics. He started his professional career at Prolexic Technologies (now Akamai) in DDOS fighting attacks from anonymous and lulzsec against fortune 100 companies. While working at Splunk Inc. as a Security Architect, he built and released an auto-mitigation framework that has been used to automatically fight attacks in large organizations. In the past, he has helped build security operation centers as well as run a public threat intelligence service. Jose is originally from Miami, Florida where he completed his Master's degree in Information Security from Nova Southeastern University. He also achieved two undergraduate Bachelor degrees from Florida International University in the field of Management of Information Systems and Information Technologies. Although security information has been the focus of his career, Jose has found that his true passion is in solving problems and creating solutions. As an example, he built an underwater remote control vehicle called the SensorSub, which was used to test and measure toxicity in Miami's waterways. As per the contact information, my email is josehelps@gmail.com, twitter: divious_1 and github divious1
Read more about Jose E. Hernandez

Josh Diakun
Josh Diakun
author image
Josh Diakun

Josh Diakun is an IT operations and security specialist with a focus on creating data-driven operational processes. He has over 10 years of experience managing and architecting enterprise-grade IT environments. For the past 7 years, he has been architecting, deploying and developing on Splunk as the core platform for organizations to gain security and operational intelligence. Josh is a founding partner at Discovered Intelligence, a company specializing in data intelligence services and solutions. He is also a co-founder of the Splunk Toronto User Group.
Read more about Josh Diakun

Derek Mock
Derek Mock
author image
Derek Mock

Derek Mock is a software developer and big data architect who specializes in IT operations, information security, and cloud technologies. He has 15 years' experience developing and operating large enterprise-grade deployments and SaaS applications. He is a founding partner at Discovered Intelligence, a company specializing in data intelligence services and solutions. For the past 6 years, he has been leveraging Splunk as the core tool to deliver key operational intelligence. Derek is based in Toronto, Canada, and is a co-founder of the Splunk Toronto User Group.
Read more about Derek Mock

Paul R. Johnson
Paul R. Johnson
author image
Paul R. Johnson

Paul R. Johnson has over 10 years of data intelligence experience in the areas of information security, operations, and compliance. He is a partner at Discovered Intelligence, a company specializing in data intelligence services and solutions. Paul previously worked for a Fortune 10 company, leading IT risk intelligence initiatives and managing a global Splunk deployment. Paul co-founded the Splunk Toronto User Group and lives and works in Toronto, Canada.
Read more about Paul R. Johnson

View More author details
Right arrow

Using scripted inputs

Not all data that is useful for operational intelligence comes from logfiles or network ports. Splunk will happily take the output of a command or script and index it along with all your other data.

Scripted inputs are a very helpful way to get that hard-to-reach data. For example, if you have third-party-supplied command-line programs that can output data you would like to collect, Splunk can run the command periodically and index the results. Typically, scripted inputs are often used to pull data from a source, whereas network inputs await a push of data from a source.

This recipe will show you how to configure Splunk on an interval to execute your command and direct the output into Splunk.

Getting ready

To step through this recipe, you will need a running Splunk server and the provided scripted input script suited to the environment you are using. For example, if you are using Windows, use the cp01_scripted_input.bat file. This script should be placed in the $SPLUNK_HOME/bin/scripts directory. No other prerequisites are required.

How to do it…

Follow the steps in the recipe to configure a scripted input:

  1. Log in to your Splunk server.

  2. From the menu in the top right-hand corner, click on the Settings menu and then click on the Add Data link.

  3. If you are prompted to take a quick tour, click on Skip.

  4. In the How do you want to add data? section, click on monitor.

  5. Click on the Scripts section.

  6. A form will be displayed with a number of input fields. In the Script Path drop-down, list select the location of the script. All scripts must be located in a Splunk bin directory, either in $SPLUNK_HOME/bin/scripts or an appropriate bin directory within a Splunk app, such as $SPLUNK_HOME/etc/apps/search/bin.

  7. In the Script Name drop-down list, select the name of the script. In the Commands field, add any command-line arguments to the auto-populated script name.

  8. Enter the value in the Interval field (in seconds) in which the script is to be run (the default value is 60.0 seconds) and then click Next.

  9. In the Source Type section, you have the option to either select a predefined source type or select New and enter your desired value. For the purpose of this recipe, select New as the source type and enter cp01_scripted_input as the value for the source type. Then click Review.

    Data will be indexed into Splunk's default index, which is main. To change the destination index, you can select the desired index from the drop-down list in the Index section.

  10. Review the settings. If everything is correct, click Submit.

  11. If everything was successful, you should see a Script input has been created successfully message.

  12. Click on the Start searching button. The Search & Reporting app will open with the search already populated based on the settings supplied earlier in the recipe. Splunk is now configured to execute the scripted input you provided every 60 seconds, in accordance with the specified interval. You can search for the data returned by the scripted input using the following search over all time:

    sourcetype=cp01_scripted_input

How it works…

When adding a new scripted input, you are directing Splunk to add a new configuration stanza into an inputs.conf file behind the scenes. The Splunk server can contain one or more inputs.conf files, located either in $SPLUNK_HOME/etc/system/local or the local directory of a Splunk app.

After creating a scripted input, Splunk sets up an internal timer and executes the command that you have specified, in accordance with the defined interval. It is important to note that Splunk will only run one instance of the script at a time, so if the script gets blocked for any reason, it will cause the script to not be executed again, until after it has been unblocked.

Since Splunk 4.2, any output of the scripted inputs that are directed to stderr (causing an error) are captured to the splunkd.log file, which can be useful when attempting to debug the execution of a script. As Splunk indexes its own data by default, you can search for that data and alert on it if necessary.

For security reasons, Splunk does not execute scripts located outside of the bin directories mentioned earlier. In order to overcome this limitation, you can use a wrapper script (such as a shell script in Linux or batch file in Windows) to call any other script located on your machine.

See also

Also refer to the following recipes for more information:

  • The Indexing files and directories recipe

  • The Getting data through network ports recipe

  • The Using modular inputs recipe

Previous Page
Chapter 7 of 17, Page 5
Next Page
You have been reading a chapter from
Splunk Operational Intelligence Cookbook - Second Edition
Published in: Jun 2016Publisher: ISBN-13: 9781785284991
© 2016 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Authors (4)

author image
Jose E. Hernandez

Jose Hernandez is currently the Director of Security Solutions at Zenege Inc. with a vast experience in security analytics. He started his professional career at Prolexic Technologies (now Akamai) in DDOS fighting attacks from anonymous and lulzsec against fortune 100 companies. While working at Splunk Inc. as a Security Architect, he built and released an auto-mitigation framework that has been used to automatically fight attacks in large organizations. In the past, he has helped build security operation centers as well as run a public threat intelligence service. Jose is originally from Miami, Florida where he completed his Master's degree in Information Security from Nova Southeastern University. He also achieved two undergraduate Bachelor degrees from Florida International University in the field of Management of Information Systems and Information Technologies. Although security information has been the focus of his career, Jose has found that his true passion is in solving problems and creating solutions. As an example, he built an underwater remote control vehicle called the SensorSub, which was used to test and measure toxicity in Miami's waterways. As per the contact information, my email is josehelps@gmail.com, twitter: divious_1 and github divious1
Read more about Jose E. Hernandez

author image
Josh Diakun

Josh Diakun is an IT operations and security specialist with a focus on creating data-driven operational processes. He has over 10 years of experience managing and architecting enterprise-grade IT environments. For the past 7 years, he has been architecting, deploying and developing on Splunk as the core platform for organizations to gain security and operational intelligence. Josh is a founding partner at Discovered Intelligence, a company specializing in data intelligence services and solutions. He is also a co-founder of the Splunk Toronto User Group.
Read more about Josh Diakun

author image
Derek Mock

Derek Mock is a software developer and big data architect who specializes in IT operations, information security, and cloud technologies. He has 15 years' experience developing and operating large enterprise-grade deployments and SaaS applications. He is a founding partner at Discovered Intelligence, a company specializing in data intelligence services and solutions. For the past 6 years, he has been leveraging Splunk as the core tool to deliver key operational intelligence. Derek is based in Toronto, Canada, and is a co-founder of the Splunk Toronto User Group.
Read more about Derek Mock

author image
Paul R. Johnson

Paul R. Johnson has over 10 years of data intelligence experience in the areas of information security, operations, and compliance. He is a partner at Discovered Intelligence, a company specializing in data intelligence services and solutions. Paul previously worked for a Fortune 10 company, leading IT risk intelligence initiatives and managing a global Splunk deployment. Paul co-founded the Splunk Toronto User Group and lives and works in Toronto, Canada.
Read more about Paul R. Johnson

Personalised recommendations for you

Based on your interests and search pattern

Et al.

Et al.

Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.

BookAug 2023230 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages4
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages1
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Mastering Tableau 2023

Mastering Tableau 2023

This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.

BookAug 2023684 pages
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages5
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages2
Data Engineering with AWS

Data Engineering with AWS

Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.

BookOct 2023636 pages5
Modern Data Architecture on AWS

Modern Data Architecture on AWS

Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.

BookAug 2023420 pages5
Practical Guide to Applied Conformal Prediction in Python

Practical Guide to Applied Conformal Prediction in Python

Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.

BookDec 2023240 pages
TinyML Cookbook

TinyML Cookbook

With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.

BookNov 2023664 pages