HTTP/2 200 date: Thu, 24 Jul 2025 17:35:10 GMT content-type: text/html; charset=UTF-8 server: Apache set-cookie: Apache=a0d2d92e.63ab03f4be0e6; path=/; expires=Fri, 20-Jul-40 17:35:10 GMT; domain=.splunk.com x-frame-options: SAMEORIGIN strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff set-cookie: PHPSESSID=b3d12cc6984e3da065783163f9a847e8; path=/ expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: ponydocs_session=b3d12cc6984e3da065783163f9a847e8; path=/; secure; HttpOnly x-xss-protection: 1; mode=block referrer-policy: strict-origin-when-cross-origin

scripted input

scripted input

noun

An executable script that feeds event data to a Splunk Enterprise instance from APIs and other remote data interfaces and message queues. Use scripted inputs to index the data or to prepare data from a nonstandard source so that events and extracted fields can be properly parsed. You can use shell scripts, python scripts, Windows batch files, PowerShell, or any other utility that can format and stream the data that you want to index. You can stream the data or write the data from a script to a file.

Use scripted inputs to get data from Active Directory, WMI (Windows Management Interface), Registry, and other Windows data sources. You can also download additional apps from Splunk Apps that use scripted inputs to enable data collection from other applications.

For more information

In Getting Data In:

• Get data from APIs and other remote data interfaces through scripted inputs

On the Splunk Developer Portal:

• Create custom data inputs for Splunk Cloud Platform or Splunk Enterprise

Retrieved from "https://docs.splunk.com/index.php?title=Splexicon:Scriptedinput&oldid=1357630"

• *
• A
• B
• C
• D
• E
• F
• G
• H
• I
• J
• K
• L
• M
• N
• O
• P
• R
• S
• T
• U
• V
• W

*

• *nix

A

• action
• ad hoc search
• ad hoc search head
• ad-hoc risk entry
• adaptive response action
• add-on
• agent
• agent management
• agent manager

• alert
• alert action
• alias
• allow list
• analytic stories
• annotations
• app
• app key value store
• app manifest

• archiving
• artifact
• asset
• attribute
• audit event
• audit index
• automatic key value field extraction

B

• base search
• blacklist (no longer in use)

• Bloom filter
• bucket

• bucket fixing
• Build Event Type utility

C

• cache manager
• calculated field
• capability
• captain
• character set encoding
• cluster
• clustering
• collection

• command-line interface
• command-line tool
• Common Information Model (CIM)
• complete
• component
• conditional routing
• conf file
• configuration bundle

• configuration file
• connector
• constraint
• contributing event
• correlation search
• counter metric

D

• dashboard
• dashboard editor
• data cloning
• data distribution
• data model
• data model acceleration
• data model dataset
• Data Model Editor
• data orchestrator
• data pipeline
• data routing

• data series
• dataset
• dataset processing command
• decommissioning
• default field
• default group
• deny list
• deployer
• deployment
• deployment app
• deployment client

• deployment server
• detection
• dimension
• disposition
• Distributed management console
• distributed search
• distribution
• drilldown
• dynamic captain

E

• embedded report
• enclaves
• enforcement
• Enterprise support
• entity zone

• event
• event annotation
• event data
• event pattern
• event processing

• event type
• event type builder
• extend (dataset)
• external data
• extracted field

F

• federated index
• federated provider
• federated search
• federated search head
• field
• field aliasing
• field discovery

• field extraction
• field extractor
• file system change monitor
• filtering
• finalize
• fishbucket
• form

• forwarder
• forwarder management
• forwarding
• forwarding license
• fschange

G

• gateway forwarder
• generating command

• generation
• generation ID

• Global support

H

• heavy forwarder
• high performance analytics store

• historical search
• host

• hybrid search

I

• identity
• incident
• incident type
• index
• index files
• index parallelization
• index replication
• index time
• indexed field
• indexed real-time search
• indexer

• indexer acknowledgment
• Indexer cluster
• indexer cluster node
• indexer clustering
• indexer discovery
• indexQueue
• indicator
• inline field extraction
• input
• Inputs Data Manager
• instance

• instrumentation
• intelligence workflow
• intention
• intermediate forwarder
• intermediate reducer
• internal field
• investigation
• investigation status
• IT data

J

• job

• job inspector

K

• key indicator searches
• key indicators
• knowledge

• knowledge bundle
• knowledge manager
• knowledge object

• KV store
• KV store captain

L

• lexicon
• license
• license group
• license manager
• license master (no longer in use)

• license peer
• license pool
• license slave (no longer in use)
• license stack
• light forwarder

• load balancing
• logging verbosity
• lookup
• lookup definition

M

• major breaker
• manager node
• master node (no longer in use)
• measurement
• metric
• metric data point

• metric time series
• minor breaker
• modular input
• module (ITSI)
• module (SOAR)
• module (SPL2)

• monitor
• monitoring console
• multiline event
• multisite indexer cluster
• multivalue field

N

• non-searchable
• non-streaming command

• normalized score
• notable event

• nullQueue

O

• object
• observable

• orchestrating command
• output group

P

• Packaging Toolkit
• panel
• panel type
• parallel reduce
• parsing
• parsingQueue
• partitioning
• passthru score
• peer node

• per-result alert
• permissions
• persistent queue
• pipe operator
• pipeline set
• pivot
• Pivot Editor
• platform alert
• playbook

• playbook editor
• prebuilt panel
• premium search head
• primacy
• primary
• Priority score
• punct

R

• rawdata journal
• real-time alert
• real-time search
• realm
• receiver
• receiving
• receiving port
• reduced bucket
• relative search
• relative time modifier
• replicated data

• replication factor
• replication port
• report
• report acceleration
• reporting command
• required text
• response action
• response plan
• response template
• REST API
• result

• risk factor
• risk factor editor
• risk message
• risk modifier
• risk notable
• risk object
• risk rule
• risk score
• role
• rolling-window alert

S

• saved search
• scheduled alert
• scheduled report
• scheduled search
• scheduler
• scripted authentication
• scripted input
• search
• search affinity
• Search app
• search artifact
• search assistant
• search execution directive
• search factor
• search field
• search filter
• search head
• search head cluster
• search head cluster captain
• search head cluster member
• search head clustering
• search head pooling
• search head targeting
• search job
• Search Job Inspector

• search macro
• search management
• search mode
• search peer
• search peer replication
• Search Processing Language
• search scheduler
• search time
• search timeline
• search view
• searchability
• searchable
• segment
• send to background
• sequence template
• series
• server
• server class
• Settings
• SignalFlow
• SignalFx Smart Agent receiver
• Simple XML
• single-instance deployment
• single-site indexer cluster
• SmartStore

• source
• source type
• span
• span tag
• SPL
• SPL2
• SPL2 statement
• Splunk Answers
• Splunk Distribution of OpenTelemetry Collector
• Splunk OpenTelemetry Collector
• Splunk platform
• Splunk UI
• Splunk Web
• Splunk Web Framework
• Splunkbase
• splunkd
• SplunkJS Stack
• stack mode
• standalone search head
• stanza
• static captain
• streaming command
• subsearch
• summary index

T

• table dataset
• Table Editor
• table-chart drilldown
• tag
• target group
• threat match searches
• threat object
• throttle
• time accelerator
• time range picker

• time range window
• time series
• time-series index file
• timeline
• timeline view
• timestamp
• timezone offset
• token
• trace
• transaction

• transaction type
• transform
• transform field extraction
• transforming command
• transforming search
• tsidx file
• tsidx reduction
• tsidx retention policy
• typelearner

U

• universal forwarder
• upstream

• urgency
• user authentication

V

• valid

• view

• visualization

W