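@echo off
setlocal EnableExtensions DisableDelayedExpansion

REM ###########################################################################
REM This script launches Splunk, passing in the hostname and Last Notify time
REM of the event in the Smarts console, and another parameter to limit the
REM events Splunk finds to within N minutes of the Last Notify time.
REM
REM The web browser used is the default browser associated with
REM the http: protocol on your system.
REM
REM Arguments: one quoted "NAME=VALUE" pair per argument. Only these names
REM are read:
REM   SM_OBJ_InstanceName    host name used in the HOST:: search term
REM   SM_OBJ_LastNotifiedAt  e.g. Mon Feb 26 13:12:51 PST 2007
REM
REM Security notes:
REM  - The argument values come from event data and are treated as untrusted.
REM    They are only ever read back with delayed expansion (!VAR!), so cmd
REM    metacharacters inside them are never parsed as command syntax.
REM  - Values are placed in the URL without percent-encoding; characters such
REM    as "&", "#" or a space in the instance name will alter the query.
REM  - The URL uses http://, so the query is sent in clear text. Switch the
REM    scheme to https:// if your Splunk web listener has TLS enabled.
REM ###########################################################################

REM Modify the following SPLUNK_HOST variable to point to your Splunk
REM installation.
set SPLUNK_HOST=SPLUNKHOST:8000

REM Modify the following MINUTES variable to limit the events found to within
REM that number of minutes from the Last Notify time
set MINUTES=1

REM Process each command line argument in turn...
REM Only the two names this script needs are accepted. Assigning every
REM NAME=VALUE pair blindly would let an argument override SPLUNK_HOST,
REM MINUTES, PATH or any other variable used below.
REM NOTE: %1 is expanded before cmd parses the line, so the caller must pass
REM each pair as a single, properly quoted argument.
:CONVERT_TOOL_ARGS_TO_ENVARS
if (%1) == () goto END__CONVERT_TOOL_ARGS_TO_ENVARS
FOR /F "delims==, tokens=1,*" %%i in (%1) do (
    if /I "%%i"=="SM_OBJ_InstanceName" set "SM_OBJ_InstanceName=%%j"
    if /I "%%i"=="SM_OBJ_LastNotifiedAt" set "SM_OBJ_LastNotifiedAt=%%j"
)
REM discard leading (processed) parameter
shift
goto CONVERT_TOOL_ARGS_TO_ENVARS
:END__CONVERT_TOOL_ARGS_TO_ENVARS

REM From here on the untrusted values are read with !VAR! only.
setlocal EnableDelayedExpansion

REM Check for required parameters
if not defined SM_OBJ_InstanceName (
    echo Can not process request without SM_OBJ_InstanceName
    goto :ENDALL
)
if not defined SM_OBJ_LastNotifiedAt (
    echo Can not process request without SM_OBJ_LastNotifiedAt
    goto :ENDALL
)

REM Reject embedded double quotes: they would end the quoted string used by
REM the FOR /F parse and by the START command below.
set "CHECK_NAME=!SM_OBJ_InstanceName:"=!"
set "CHECK_TIME=!SM_OBJ_LastNotifiedAt:"=!"
if not "!CHECK_NAME!"=="!SM_OBJ_InstanceName!" (
    echo Can not process request: SM_OBJ_InstanceName contains a double quote
    goto :ENDALL
)
if not "!CHECK_TIME!"=="!SM_OBJ_LastNotifiedAt!" (
    echo Can not process request: SM_OBJ_LastNotifiedAt contains a double quote
    goto :ENDALL
)

REM Convert Last Notify time format for use by Splunk
REM Last Notify example: Mon Feb 26 13:12:51 PST 2007
REM Splunk time example: 02/26/2007:13:12:51
REM Clear the fields first so inherited values cannot leak into the URL.
set "mymonth="
set "myday="
set "mytime="
set "myyear="
REM Parse the value as a string; running it through a backquoted "echo"
REM would execute the value in a child command interpreter.
for /F "tokens=2,3,4,6" %%A in ("!SM_OBJ_LastNotifiedAt!") do (
    set "mymonth=%%A"
    set "myday=%%B"
    set "mytime=%%C"
    set "myyear=%%D"
)
if "!mymonth!"=="Jan" set mymonth=01
if "!mymonth!"=="Feb" set mymonth=02
if "!mymonth!"=="Mar" set mymonth=03
if "!mymonth!"=="Apr" set mymonth=04
if "!mymonth!"=="May" set mymonth=05
if "!mymonth!"=="Jun" set mymonth=06
if "!mymonth!"=="Jul" set mymonth=07
if "!mymonth!"=="Aug" set mymonth=08
if "!mymonth!"=="Sep" set mymonth=09
if "!mymonth!"=="Oct" set mymonth=10
if "!mymonth!"=="Nov" set mymonth=11
if "!mymonth!"=="Dec" set mymonth=12

REM %%2F, %%3A and %%20 become the literal URL escapes %2F, %3A and %20.
set "ENDTIME=!mymonth!%%2F!myday!%%2F!myyear!%%3A!mytime!"
set "SPLUNK_CMD=http://%SPLUNK_HOST%/?q=HOST%%3A%%3A!SM_OBJ_InstanceName!%%20endtime%%3A%%3A!ENDTIME!%%20searchtimespanminutes%%3A%%3A%MINUTES%"

echo Splunking HOST::!SM_OBJ_InstanceName!, URL !SPLUNK_CMD!
REM The empty "" is the window title; without it START would take the quoted
REM URL as the title. Quoting keeps the URL a single argument.
start "" /b /min "!SPLUNK_CMD!"

:ENDALL
endlocal
endlocal
REM end of file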