Logd Input for the Splunk platform

#!/bin/bash # NOTE: This script is called by mod inputs framework for the logd # modular input scheme. It will simply use it to bootstrap the actual # logd binary, splunkd function do_scheme { # # splunk-logd.path bootstraps which command line to run for the actual # mod input executiion ### # # tells mod input framework to expect HEC/ModInputs formatted JSON to be output # by this mod input. This is a specific JSON language that is able to pass # structured fields into splunkd, and map them to appropriate keys in PipelineData ### cat < Logd Input for the Splunk platform This input collects data from logd on macOS and sends it to the Splunk platform. true json name logd-backtrace false false logd-debug false false logd-info false false logd-loss false false logd-signpost false false logd-predicate false false logd-process false false logd-source false false logd-include-fields false false logd-exclude-fields false false logd-interval false false logd-starttime false false logd-freetext false false END } ME=$(basename $0) usage() { echo "USAGE: $ME --scheme" >&2 exit 1 } if [ "$#" -ne 1 ]; then usage fi if [ "$1" == "--scheme" ] ; then do_scheme else usage fi