______________________________________________________________________________________________________
Script examples written by Travis Hutchings
thutch901@gmail.com
971.226.6732
Splunk Dispatch Directory count and size. If it gets above 2000 entries it stops forwarding.
_______________________________________________________
Command Examples for Dispatch CLI options.
df -h $SPLUNK_HOME/var/run/dispatch
cd $SPLUNK_HOME/var/run/dispatch
ls -l | head -4
ls -l | tail -4
Script Example for Dispatch Alert Cron Script
#!/bin/bash
#Version: 1.2
#Owner: Optiv NGSOC
#Document Purpose: Email a listing of the Splunk dispatch directory and its entry count to appropriate recipients
#SPLUNK_HOME must be set in the environment this script runs in (cron does not load a login profile)
clientName="Your Company"
emailFrom="Splunk_Dispatch_rp.as@yourco.com"
emailTo="systemadmins@yourco.com"
listFile="/splunk/scripts/dispatch_length.csv"
bodyFile="/splunk/scripts/dispatch_length.txt"
#First and last lines of the dispatch directory listing
echo "Dispatch Directory Progress" >> "$listFile"
ls -l "$SPLUNK_HOME/var/run/dispatch" | head -6 >> "$listFile"
ls -l "$SPLUNK_HOME/var/run/dispatch" | tail -6 >> "$listFile"
#Line count of the listing (includes the "total" line that ls -l prints)
echo "Dispatch Directory Number of Entries" >> "$listFile"
ls -l "$SPLUNK_HOME/var/run/dispatch" | wc -l >> "$listFile"
#Send the report as both the mail body and an attachment, then clean up
cat "$listFile" >> "$bodyFile"
/bin/mail -s "Dispatch Directory Progress and Entries" -r "$emailFrom" -a "$listFile" "$emailTo" < "$bodyFile"
rm "$listFile"
rm "$bodyFile"
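Added example (not part of the original scripts): a threshold check that turns the 2000-entry figure mentioned above into a status line and exit code that cron or a monitoring agent can act on. The function names, the 80% warning level and the exit codes are assumptions chosen for illustration.

```bash
#!/bin/bash
# Added example: threshold check for the Splunk dispatch directory.
# The 2000-entry default is the figure stated on this page; the 80% warning
# level, function names and exit codes are assumptions for illustration.

# Count the entries directly under the directory without parsing ls output
# (ls -l also prints a "total" line, which inflates a wc -l count by one).
count_dispatch_entries() {
    local dir="$1"
    [ -d "$dir" ] || return 1
    find "$dir" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' '
}

# Print "OK|WARNING|CRITICAL count=N limit=L" and return 0, 1 or 2.
# Returns 3 (UNKNOWN) when the directory does not exist.
# Usage: dispatch_status DIR [LIMIT] [WARN_PERCENT]
dispatch_status() {
    local dir="$1" limit="${2:-2000}" warn_pct="${3:-80}"
    local count warn_at
    count=$(count_dispatch_entries "$dir") || {
        echo "UNKNOWN dir=$dir not found"
        return 3
    }
    warn_at=$(( limit * warn_pct / 100 ))
    if [ "$count" -ge "$limit" ]; then
        echo "CRITICAL count=$count limit=$limit"
        return 2
    elif [ "$count" -ge "$warn_at" ]; then
        echo "WARNING count=$count limit=$limit"
        return 1
    fi
    echo "OK count=$count limit=$limit"
    return 0
}

# Run the check only when called with a directory argument, for example:
#   dispatch_check.sh "$SPLUNK_HOME/var/run/dispatch"
if [ "$#" -gt 0 ]; then
    dispatch_status "$@"
    exit $?
fi
```

The status line can be piped to the same /bin/mail command used in the cron script, sending mail only when the exit code is non-zero.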