Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Alert Script is not running?

shreyasj
New Member
‎05-05-2015 02:38 PM

I created an alert, it is working fine. When I echo into a "echo_output.sh" file, it works fine. When I'm trying to echo the same content on the console, nothing happens. When I manually execute the file ( instead of, from the splunk) it runs as expected.

Here is the link for another question, this question also has the same issue as my question.
http://answers.splunk.com/answers/92958/alert-script-not-running-splunk.html

I hope to get some help soon.

0 Karma
Reply

Yasaswy
Contributor
‎05-05-2015 04:52 PM

Hi, Splunk will launch scripts from within it's runtime env. Does your scripts run if you run them from splunk cmd line?

    cd  to splunk_home (wherever splunk is installed)
    cd bin
    ./splunk cmd path_to_your_script/echo_output.sh
0 Karma
Reply

shreyasj
New Member
‎05-05-2015 07:46 PM

Yes, I just checked. I get the expected output when I use "./splunk cmd path_to_your_script/echo_output.sh"

0 Karma
Reply

Yasaswy
Contributor
‎05-06-2015 06:13 AM

Ok. I might have misunderstood your question. Are to trying to send off an alert to STDOUT from within splunk (using splunk scheduler)?

0 Karma
Reply

shreyasj
New Member
‎05-06-2015 09:32 AM

I want to disable the input from the console when an alert is generated.

For disabling the output, I need to "cd to the directory" where input.conf file is present and change the "disable=false" to true. I want to do this using the script which runs when I get an alert. I need my script to work on the console.

0 Karma
Reply

Yasaswy
Contributor
‎05-07-2015 06:55 AM

If your use case is to disable an input (x) on a triggered alert (y)... are you using generic cmds to make this change (sed,awk etc ) or splunk CLI?
You are essentially trying to change a config that is already active within the session. Typically making such a change via CLI (eg: splunk edit monitor) would prompt for user and password. Additionally you need to have a way to reload the config after your change. Were you planning on use a REST call for this?

0 Karma
Reply

starcher
Influencer
‎05-06-2015 07:00 PM

Do you have the hashbang at the top of your script?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...