https://community.splunk.com/t5/Getting-Data-In/Why-is-my-script-exiting-with-code-1-on-enterprise-security-app/m-p/340734#M62844 <P>My bad for not pointing this...<BR /> 1. in my origin script /bin/bash is as expected (without )<BR /> 2. curl command is not 'echo'ed. i forgot to remove it while copy-paste here.</P> <P>sorry.<BR /> anyway, you actually see -o output while splunk runs the script.</P> <P>any other ideas what is the BIG diff between splunk and cli?</P> Thu, 01 Feb 2018 22:08:36 GMT OBsecurity 2018-02-01T22:08:36Z https://community.splunk.com/t5/Getting-Data-In/Why-is-my-script-exiting-with-code-1-on-enterprise-security-app/m-p/340732#M62842 <P>Hello Folks.<BR /> I've created a script that should initiate 'HIPCHAT' messaging application api's.<BR /> While running the script (on the es machine) via cli it works fine. After 3 days of workarounds - ES 'run a script' action runs the script and fails with exit code 1 no matter what I've tried.</P> <P>This is the command for the api. </P> <PRE><CODE>/usr/bin/curl -H 'Content-Type: application/json' -X 'POST' -d '{"message_format": "text", "message": "Threat - hipchat - Rule"}' 'https://api.hipchat.com/v2/room/4415200/notification?auth_token=mytoken' </CODE></PRE> <P>this is the script: </P> <PRE><CODE>\#!/bin/bash ROOM_ID=4415200 AUTH_TOKEN=mytoken curl="'""Content-Type: application/json""'" echo curl=$curl &gt;&gt; "/opt/splunk/bin/scripts/splunk-hiptest.out" post="'""POST""'" echo post=$post &gt;&gt; "/opt/splunk/bin/scripts/splunk-hiptest.out" MESSAGE="'""{\"message_format\": \"text\", \"message\": \"$4\"}""'" echo message=$MESSAGE &gt;&gt; "/opt/splunk/bin/scripts/splunk-hiptest.out" url="'""https://api.hipchat.com/v2/room/4415200/notification?auth_token=mytoken""'" echo url=$url &gt;&gt; "/opt/splunk/bin/scripts/splunk-hiptest.out" echo curl -H $curl \ -X $post \ -d $MESSAGE \ $url &gt;&gt; "/opt/splunk/bin/scripts/splunk-hiptest.out" echo curl_exit_code = $? &gt;&gt; "/opt/splunk/bin/scripts/splunk-hiptest.out" </CODE></PRE> <P>Workarounds</P> <OL> <LI>tried to run a script with a single command row.</LI> <LI>tried to build the command with\without args.</LI> </OL> <P>please help <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR /> Thanks!</P> Wed, 31 Jan 2018 10:35:08 GMT https://community.splunk.com/t5/Getting-Data-In/Why-is-my-script-exiting-with-code-1-on-enterprise-security-app/m-p/340732#M62842 OBsecurity 2018-01-31T10:35:08Z https://community.splunk.com/t5/Getting-Data-In/Why-is-my-script-exiting-with-code-1-on-enterprise-security-app/m-p/340733#M62843 <P>You can change to</P> <PRE><CODE> \#!/bin/bash </CODE></PRE> <P>To </P> <PRE><CODE>#!/bin/bash </CODE></PRE> <P>And</P> <PRE><CODE> echo curl -H $curl \ -X $post \ -d $MESSAGE \ $url &gt;&gt; "/opt/splunk/bin/scripts/splunk-hiptest.out" </CODE></PRE> <P>Should be</P> <PRE><CODE>curl -H $curl \ -X $post \ -d $MESSAGE \ -o "/opt/splunk/bin/scripts/splunk-hiptest.out" \ $url curl_exit_code=$? echo $curl_exit_code &gt;&gt; /opt/splunk/bin/scripts/splunk-hiptest.out exit $curl_exit_code </CODE></PRE> Thu, 01 Feb 2018 09:51:26 GMT https://community.splunk.com/t5/Getting-Data-In/Why-is-my-script-exiting-with-code-1-on-enterprise-security-app/m-p/340733#M62843 jeanyvesnolen 2018-02-01T09:51:26Z https://community.splunk.com/t5/Getting-Data-In/Why-is-my-script-exiting-with-code-1-on-enterprise-security-app/m-p/340734#M62844 <P>My bad for not pointing this...<BR /> 1. in my origin script /bin/bash is as expected (without )<BR /> 2. curl command is not 'echo'ed. i forgot to remove it while copy-paste here.</P> <P>sorry.<BR /> anyway, you actually see -o output while splunk runs the script.</P> <P>any other ideas what is the BIG diff between splunk and cli?</P> Thu, 01 Feb 2018 22:08:36 GMT https://community.splunk.com/t5/Getting-Data-In/Why-is-my-script-exiting-with-code-1-on-enterprise-security-app/m-p/340734#M62844 OBsecurity 2018-02-01T22:08:36Z