Our department needs to collect the serial numbers of all physical drives connected to all machines within our network. Since there are over 1000 hosts, we would like to be able to collect this information within Splunk on a fixed interval. Since the Splunk Add-On for Windows and Splunk Add-On for *nix doesn't contain this information, I've developed a Python script that can collect this for us. (A Powershell version for Windows will have to be developed.)
I've reviewed the documentation for [Scripted Inputs](http://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/ScriptSetup) but this appears to be a manual process for each host. The [Add-on Builder](http://docs.splunk.com/Documentation/AddonBuilder/2.2.0/UserGuide/Overview) also appears to be limited to just Splunk servers. I cannot, for the life of me, find a guide on how to create Add-ons for deployment with UniversalForwarders. I've even tried to review the Windows and *nix Add-Ons but they're very complex.
Can someone point me to any official documentation for creating Add-Ons that are compatible with UniversalForwarders, or to blog posts or any other kind of reference?
↧