1. cd /opt/splunk/etc/system/bin
(或 cd /opt/splunk/bin/scripts/,默認目錄;腳本實際所在的目錄必須與第 2 步 inputs.conf 中 [script://...] 的路徑一致)
vi 4444.sh
#!/bin/sh
# Splunk scripted input: writes one vmstat report to stdout.
# The inputs.conf stanza that points at this file decides how often it is run
# and which sourcetype the output is indexed under.
# NOTE(review): splunkd executes this file under its own account, so the file
# and its directory should be writable only by that account - confirm ownership.
/usr/bin/vmstat
chmod +x ./4444.sh
2. vi /opt/splunk/etc/system/local/inputs.conf
增加如下內容:
[script:///opt/splunk/etc/system/bin/4444.sh]
sourcetype= 333
interval= 30
3. 重啓 Splunk 服務,等待 30 秒(即 inputs.conf 中設定的 interval),然後搜索 sourcetype=333