Custom alert action to execute script

Path Finder

I need help creating an alert action to run a simple bash script. 

I created a custom app with a local/alert_actions.conf file. I have the script in the /opt/splunk/bin/scripts/ directory, but its not being called. I've tried the full path as well as the filename and I'm seeing the following errors both ways. I can run the script manually from the cli and it works fine. I'm wondering what I'm missing? 



is_custom = 1
label = testing the custom alert action
description = Send splunk event data to a script
#alert.execute.cmd = /opt/splunk/bin/scripts/
alert.execute.cmd =






06-15-2021 16:33:11.603 -0500 ERROR sendmodalert - action=test_custom_alert_action - Failed to find alert.execute.cmd "".


06-15-2021 16:30:12.352 -0500 ERROR sendmodalert - action=test_custom_alert_action - Failed to find alert.execute.cmd "/opt/splunk/bin/scripts/".




I'll also need to add arguments to send results to the script. I know I'll need to use alert.execute.cmd.arg.0 but I figured I'd just get the script working first. 

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...