https://community.splunk.com/t5/Alerting/execute-a-powershell-scipt-based-on-an-alert/m-p/188636#M3176 <P>You can create a search alert, setup the conditions, and the schedule.<BR /> Then in the actions options specify "trigger a shell script" to call.</P> <P>see the documentation on how to pass arguments to the script :<BR /> <A href="http://docs.splunk.com/Documentation/Splunk/6.1.3/Alert/Configuringscriptedalerts">http://docs.splunk.com/Documentation/Splunk/6.1.3/Alert/Configuringscriptedalerts</A><BR /> and <A href="http://wiki.splunk.com/Community:TroubleshootingAlertScripts">http://wiki.splunk.com/Community:TroubleshootingAlertScripts</A></P> <P>For powershell, you may need to change the system policy settings to allow splunk to unsigned scripts run it.<BR /> see <A href="http://technet.microsoft.com/en-us/library/hh849812.aspx">http://technet.microsoft.com/en-us/library/hh849812.aspx</A></P> Wed, 20 Aug 2014 16:19:33 GMT yannK 2014-08-20T16:19:33Z https://community.splunk.com/t5/Alerting/execute-a-powershell-scipt-based-on-an-alert/m-p/188635#M3175 <P>I would like to execute a powershell script based on a search SPLUNK result. if the condition is 1111 run this powershell command. This must be PS 2.0 </P> Wed, 20 Aug 2014 14:25:57 GMT https://community.splunk.com/t5/Alerting/execute-a-powershell-scipt-based-on-an-alert/m-p/188635#M3175 jsdao 2014-08-20T14:25:57Z https://community.splunk.com/t5/Alerting/execute-a-powershell-scipt-based-on-an-alert/m-p/188636#M3176 <P>You can create a search alert, setup the conditions, and the schedule.<BR /> Then in the actions options specify "trigger a shell script" to call.</P> <P>see the documentation on how to pass arguments to the script :<BR /> <A href="http://docs.splunk.com/Documentation/Splunk/6.1.3/Alert/Configuringscriptedalerts">http://docs.splunk.com/Documentation/Splunk/6.1.3/Alert/Configuringscriptedalerts</A><BR /> and <A href="http://wiki.splunk.com/Community:TroubleshootingAlertScripts">http://wiki.splunk.com/Community:TroubleshootingAlertScripts</A></P> <P>For powershell, you may need to change the system policy settings to allow splunk to unsigned scripts run it.<BR /> see <A href="http://technet.microsoft.com/en-us/library/hh849812.aspx">http://technet.microsoft.com/en-us/library/hh849812.aspx</A></P> Wed, 20 Aug 2014 16:19:33 GMT https://community.splunk.com/t5/Alerting/execute-a-powershell-scipt-based-on-an-alert/m-p/188636#M3176 yannK 2014-08-20T16:19:33Z https://community.splunk.com/t5/Alerting/execute-a-powershell-scipt-based-on-an-alert/m-p/188637#M3177 <P>Thanks I believe the second part is what I have been struggling with. </P> Wed, 20 Aug 2014 16:28:56 GMT https://community.splunk.com/t5/Alerting/execute-a-powershell-scipt-based-on-an-alert/m-p/188637#M3177 jsdao 2014-08-20T16:28:56Z https://community.splunk.com/t5/Alerting/execute-a-powershell-scipt-based-on-an-alert/m-p/188638#M3178 <P>Thanks for the suggestion, but unfortunatly non of these worked</P> Thu, 21 Aug 2014 11:10:42 GMT https://community.splunk.com/t5/Alerting/execute-a-powershell-scipt-based-on-an-alert/m-p/188638#M3178 jsdao 2014-08-21T11:10:42Z https://community.splunk.com/t5/Alerting/execute-a-powershell-scipt-based-on-an-alert/m-p/188639#M3179 <P>I am looking for a way to run PS script directly from alert actions. I couldn't find a way to do it except running a bat script to call my powershell script. If anybody find a way to resolve this, please share <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 08 Jun 2016 16:31:21 GMT https://community.splunk.com/t5/Alerting/execute-a-powershell-scipt-based-on-an-alert/m-p/188639#M3179 axl88 2016-06-08T16:31:21Z