Scripted inputs allow you to run a piece of code on a scheduled basis and capture the output as if it were simply being written to a file. It does not matter what language the script is written in, or where it lives, as long as it is executable.
We touched on this topic in the Using scripts to gather data section in Chapter 12, Advanced Deployments. Let's write a few more examples.
One common problem with script output is the lack of a predictable date or date format. In this situation, the easiest thing to do is to tell Splunk not to try to parse a date at all and instead use the current date. Let's make a script that lists open network connections:
```python
from subprocess import Popen
from subprocess import PIPE
from collections import defaultdict
import re

def add_to_key(fieldname, fields):
    return " " + fieldname + "+" + fields[fieldname]

output = Popen("netstat -n -p tcp", stdout=PIPE, shell=True).stdout.read...
```
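The following script is an added example, not the book's own code: it counts connections per remote endpoint and emits key=value events with no timestamp, so Splunk can assign the current time (in props.conf, `DATETIME_CONFIG = CURRENT` for the sourcetype). The field names, the `--live` switch and the embedded sample (BSD/macOS column layout, documentation addresses) are assumptions made for the illustration.

```python
import re
import subprocess
import sys
from collections import Counter

# Constructed sample of `netstat -n -p tcp` output; not captured from a real host.
SAMPLE = """\
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.52311       198.51.100.7.443       ESTABLISHED
tcp4       0      0  192.0.2.10.52312       198.51.100.7.443       ESTABLISHED
tcp4       0      0  192.0.2.10.22          203.0.113.5.60122      ESTABLISHED
tcp4       0      0  192.0.2.10.52400       198.51.100.9.80        TIME_WAIT
tcp6       0      0  2001:db8::1.52500      2001:db8::2.443        ESTABLISHED
"""

# proto, two queue counters, local endpoint, remote endpoint, state
ROW = re.compile(r"^(?P<proto>tcp\S*)\s+\d+\s+\d+\s+(?P<local>\S+)"
                 r"\s+(?P<remote>\S+)\s+(?P<state>\S+)")
# The port is whatever follows the last "." (BSD/macOS) or ":" (Linux).
ENDPOINT = re.compile(r"^(?P<addr>.*)[.:](?P<port>\d+|\*)$")

def summarize(netstat_text, state="ESTABLISHED"):
    """Return one timestamp-free key=value event per remote endpoint."""
    counts = Counter()
    for line in netstat_text.splitlines():
        row = ROW.match(line)
        if not row or row["state"] != state:
            continue  # headers, blank lines, other states
        remote = ENDPOINT.match(row["remote"])
        if remote:
            counts[(row["proto"], remote["addr"], remote["port"])] += 1
    return [
        f"proto={proto} remote_addr={addr} remote_port={port} "
        f"state={state} count={n}"
        for (proto, addr, port), n in sorted(counts.items())
    ]

def read_netstat():
    # Argument list instead of shell=True: no shell parses the command line.
    return subprocess.run(["netstat", "-n", "-p", "tcp"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    # Hypothetical --live switch; without it the constructed sample is used.
    text = read_netstat() if "--live" in sys.argv else SAMPLE
    print("\n".join(summarize(text)))
```

Aggregating before printing keeps the event volume proportional to the number of distinct peers rather than the number of sockets.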