On 6 oct. 2014, at 14:01, Mark Martinec <[email protected]> wrote:
>> After some testing, it appears the script won't quit. That's a problem >> for Splunk as it waits for a clean return from the script to process >> data. >> How should I edit the script to make sure it quits cleanly after >> pulling redis records? > > No, it doesn't quit, it produces a *continuous* stream of JSON records > on stdout, one per line. As these records are steadily being produced > by amavisd child processes, why would a pulling program want to terminate? > > Admittedly I don't know much about Splunk. Perhaps somebody else > can fill in the misunderstanding gap. Further testing yields to a positive result. Script behaves flawlessly, Splunk won't show new events immediately, but will eventually index and display them (probably because it's a very low traffic MX server). Thanks Mark for the great work. regards, Patrick PRONIEWSKI -- Responsable pôle Opérations - DSI - Université Lumière Lyon 2 Responsable Sécurité des Systèmes d'Information
