Channel: Questions in topic: "splunk-enterprise"

Scripted Input Bash Script with date stamp

Hello,

What is the best way to handle a scripted input so that it echoes the date in a format Splunk can interpret most easily? Currently I use the date command, for example:

    echo "`date` permission=\"BLOCKED\" user=\"$item\""

It echoes to stdout as:

    Sat Sep 24 08:30:32 EST 2016 permission="ALLOWED" user="root"

In this case the EST is the Australian (Sydney) timezone:

    cat /etc/sysconfig/clock
    ZONE="Australia/Sydney"
    UTC=true
    ARC=false

The Splunk search heads and indexers are in US time zones, so I'm receiving "delayed" data whereby searching for this data for the last hour actually returns data from many hours ago. How do I avoid this behavior for my international systems?

Thank you.
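The root cause described in the question is that the default `date` output carries only a zone abbreviation, and "EST" is ambiguous: it names both Australian Eastern Standard Time (UTC+10) and North American Eastern Standard Time (UTC-5), so an indexer in the US resolves it to the wrong offset and the event lands hours in the past. The fix at the source is to emit a numeric UTC offset (or UTC itself) that cannot be misread. The script below is an added example, not code from the original post or from Splunk; the key=value layout and the `permission`/`user` field names are taken from the question, the `%z` / `-u` invocations are standard `date` options, and `has_numeric_offset` is a hypothetical helper written here to catch the failure mode. As a separate option, Splunk can also be told the zone of a source with `TZ = Australia/Sydney` in props.conf, but a self-describing timestamp works regardless of where the data is indexed.

```shell
#!/bin/sh
# Added example (not from the original post): a Splunk scripted input that
# emits timestamps with an explicit numeric UTC offset instead of an ambiguous
# abbreviation such as "EST", so indexers in any time zone parse them correctly.
set -e

# ISO 8601 with numeric offset, e.g. 2016-09-24T08:30:32+1000.
# Splunk's default timestamp extraction understands this form, and "+1000"
# carries the offset with the event, whatever zone the indexer runs in.
ts_now() {
  date +%Y-%m-%dT%H:%M:%S%z
}

# The same instant normalised to UTC with a trailing Z, if you would rather
# not deal with offsets at all.
ts_now_utc() {
  date -u +%Y-%m-%dT%H:%M:%SZ
}

# Build one key=value event line: $1 timestamp, $2 permission, $3 user.
# Values are double-quoted so Splunk's automatic field extraction keeps them
# intact even when they contain spaces.
format_event() {
  ts="$1"
  permission="$2"
  user="$3"
  printf '%s permission="%s" user="%s"\n' "$ts" "$permission" "$user"
}

# Hypothetical sanity check: accept a timestamp only if it ends in a numeric
# offset (+HHMM / -HHMM) or a UTC marker (Z). A legacy "... EST 2016" string
# fails this check, which is exactly the case the question describes.
has_numeric_offset() {
  case "$1" in
    *[+-][0-9][0-9][0-9][0-9]|*Z) return 0 ;;
    *) return 1 ;;
  esac
}

main() {
  ts="$(ts_now)"
  # Refuse to emit anything Splunk could misplace on the timeline.
  has_numeric_offset "$ts" || { echo "bad timestamp: $ts" >&2; exit 1; }
  # Constructed sample users standing in for whatever the real script inspects.
  for item in root alice; do
    format_event "$ts" "BLOCKED" "$item"
  done
}

main
```

Run it under the system zone from the question, e.g. `TZ=Australia/Sydney sh scripted_input.sh`, and the output for a late-September timestamp carries `+1000` (or `+1100` once daylight saving starts in October), which a US indexer places at the correct absolute time.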
