I want to index the result of a command on a remote network device. I understand that the App "splunk for unix" can index the results of statistics commands such as "top", "ps", "vmstat". This App is useful when I index the result of a command on the localhost, not a remote server. My current target network device cannot have a Splunk forwarder installed either, so I am looking for a method to achieve my purpose.

I developed a script which logs in to the remote network device and executes a certain command. When I use this as a scripted input on the Splunk indexer, Splunk indexes the whole operation, including the login process, although I just want to index the result of the specified command.

I would appreciate it if anybody could share a solution for this with me.


Replies to This Discussion

Takamasa...

Can you give me a sample of the whole output that splunk is indexing... if you have control over the output, there are some "header commands" you can insert into the script to control how indexing happens...

More details, more answers!

Thank you for the prompt reply. Please let me explain what I am doing. There are three steps to index the result of a command on the remote network device.

1. Splunk executes the following shell script every 300 seconds as a scripted input.

#!/bin/bash
# Run the expect script that logs in to the remote device and executes the command
/usr/bin/expect "$SPLUNK_HOME/etc/apps/search/bin/sample-expect" 172.16.xx.xx yyyy zzzz


2. Then, the expect script "sample-expect" is executed.
Please note that I am using "expect" in order to log in to the remote network device and execute the specified command on the device. In the expect shell, I am using "puts $expect_out(buffer)" in order to output the result of the specified command and have Splunk index it.

3. The following is the whole output that Splunk indexed.
I do not need the first two lines or the last line, which is the command prompt. What I want to do is to avoid indexing these lines.

##################################################################
show arp table
Ethernet-switching table: 514 entries, 500 learned
VLAN MAC address Type Age Interfaces
ADMIN * Flood - All-members
ADMIN 00:17:cb:8b:20:xx Learn 1:55 ae0.0
ADMIN b0:c6:9a:6c:2d:xx Learn 2:37 ae0.0
ADMIN b0:c6:9a:6c:76:xx Static - Router
ADMIN b0:c6:9a:6c:78:xx Learn 3:05 ae0.0
ADMIN b0:c6:9a:6c:83:xx Learn 0 ae0.0
ADMIN b0:c6:9a:6c:83:xx Learn 0 ae0.0
BRIDGE * Flood - All-members
BRIDGE 00:17:c5:14:b9:xx Learn 0 ae0.0
user1@xxxxyy-1>
##################################################################

I would appreciate it if you could give me advice to achieve my purpose.
Please let me know if I need to explain more details. Thank you for your assistance.
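
An added example, not part of the original post: one way to keep the echoed command, the summary line and the trailing prompt out of the index is to filter the expect output in the wrapper script from step 1 before Splunk reads it. The function name `filter_device_output`, the prompt pattern and the sample capture are assumptions constructed from the output shown above.

```shell
#!/bin/sh
# Added example: filter what the expect session prints so that only the
# command's table rows reach Splunk's scripted input.

# Assumed prompt shape, taken from "user1@xxxxyy-1>" in the post:
# user@host followed by ">" or "#", optionally one trailing space.
PROMPT_RE='^[A-Za-z0-9._-]+@[A-Za-z0-9._-]+[>#] ?$'

# Usage: <capture> | filter_device_output [leading_lines_to_skip]
# Default 2 = the echoed command plus the summary line.
filter_device_output() {
    skip="${1:-2}"
    # Terminal sessions end lines with CR LF; drop the CR first so the
    # patterns below match and Splunk does not index stray characters.
    tr -d '\r' | awk -v skip="$skip" -v prompt="$PROMPT_RE" '
        NR <= skip   { next }   # echoed command and summary line
        $0 ~ prompt  { next }   # bare CLI prompt (account and host name)
        /^[ \t]*$/   { next }   # blank lines
        { print }
    '
}

# Constructed sample capture, modelled on the output in the post.
sample_capture() {
    printf 'show arp table\r\n'
    printf 'Ethernet-switching table: 514 entries, 500 learned\r\n'
    printf 'VLAN MAC address Type Age Interfaces\r\n'
    printf 'ADMIN 00:17:cb:8b:20:xx Learn 1:55 ae0.0\r\n'
    printf 'BRIDGE 00:17:c5:14:b9:xx Learn 0 ae0.0\r\n'
    printf 'user1@xxxxyy-1> '
}

# In the wrapper from step 1 the pipeline would be:
#   /usr/bin/expect "$SPLUNK_HOME/etc/apps/search/bin/sample-expect" \
#       172.16.xx.xx yyyy zzzz | filter_device_output
sample_capture | filter_device_output
```

Filtering on the prompt pattern rather than on "the last line" keeps the rows intact when the session ends without a prompt or prints it more than once.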

© 2012   Created by Michael Wilde.