https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414059#M7241 <P>No.. What I suggested was creating a script on your SH. Then have that script SSH to your forwarder and restart the service</P> Fri, 29 Jun 2018 18:40:20 GMT skoelpin 2018-06-29T18:40:20Z https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414056#M7238 <P>Hi I have a service that reports to Splunk and some times fell over, is there any chance I can automate this by telling Splunk to run a scripted input on the forwarder level to restart a service, log it and feed the event to Splunk? <BR /> Thank you for any answers <BR /> Or is there any add on that would do that for Linux like HK Systems Management</P> Fri, 29 Jun 2018 13:31:21 GMT https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414056#M7238 max_ruas 2018-06-29T13:31:21Z https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414057#M7239 <P>This is probably not the best approach since its a temporary fix. But if you want to proceed then you should do something like this </P> <P>Put a script on your SH which will SSH to your forwarder then do a Splunk restart. Have an alert trigger this script when your service falls over</P> Fri, 29 Jun 2018 14:29:23 GMT https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414057#M7239 skoelpin 2018-06-29T14:29:23Z https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414058#M7240 <P>are you suggesting that in order to run a script on the forwarder I need to do a splunkforwarder restart? can you please clarify your answer?</P> Fri, 29 Jun 2018 14:48:18 GMT https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414058#M7240 max_ruas 2018-06-29T14:48:18Z https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414059#M7241 <P>No.. What I suggested was creating a script on your SH. Then have that script SSH to your forwarder and restart the service</P> Fri, 29 Jun 2018 18:40:20 GMT https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414059#M7241 skoelpin 2018-06-29T18:40:20Z https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414060#M7242 <P>Thanks for the answer I think is valid although Is not what I am looking for as its much more complex that it needs to be, I am looking for some thing like this.. I haven't got around to test yet but I'm hoping it works. <BR /> <A href="https://answers.splunk.com/answering/232172/view.html">https://answers.splunk.com/answering/232172/view.html</A> </P> Tue, 03 Jul 2018 06:18:14 GMT https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414060#M7242 max_ruas 2018-07-03T06:18:14Z https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414061#M7243 <P>I've found a solution on the forwarder app it self. on linux is under <BR /> cat /opt/splunkforwarder/bin/scripts/readme.txt<BR /> <STRONG>Scripts placed in this directory can be called by Alerts for execution</STRONG></P> <P>if you define your scheduled search as an alert, you can configure a script to be run whenever the alert is triggered. For security reasons, the scripts need to be placed in a specific folder like the above.<BR /> <A href="http://docs.splunk.com/Documentation/Splunk/6.2.2/Alert/Setupalertactions#Run_a_script_for_an_alert_action">http://docs.splunk.com/Documentation/Splunk/6.2.2/Alert/Setupalertactions#Run_a_script_for_an_alert_action</A> </P> Tue, 03 Jul 2018 06:30:01 GMT https://community.splunk.com/t5/Alerting/How-to-use-Splunkweb-alert-to-run-a-script-on-the-forwarder-to/m-p/414061#M7243 max_ruas 2018-07-03T06:30:01Z