I need help creating an alert action to run a simple bash script.
I created a custom app with a local/alert_actions.conf file. I have the script in the /opt/splunk/bin/scripts/ directory, but it's not being called. I've tried the full path as well as the filename and I'm seeing the following errors both ways. I can run the script manually from the CLI and it works fine. I'm wondering what I'm missing?
[test_custom_alert_action]
is_custom = 1
label = testing the custom alert action
description = Send splunk event data to a script
#alert.execute.cmd = /opt/splunk/bin/scripts/test-script-action.sh
alert.execute.cmd = test-script-action.sh
Errors
06-15-2021 16:33:11.603 -0500 ERROR sendmodalert - action=test_custom_alert_action - Failed to find alert.execute.cmd "test-script-action.sh".
and
06-15-2021 16:30:12.352 -0500 ERROR sendmodalert - action=test_custom_alert_action - Failed to find alert.execute.cmd "/opt/splunk/bin/scripts/test-script-action.sh".
I'll also need to add arguments to send results to the script. I know I'll need to use alert.execute.cmd.arg.0 but I figured I'd just get the script working first.
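According to the alert_actions.conf specification, alert.execute.cmd names a binary or script in the bin folder of the app that defines the alert action. The check below is an added example, not part of the original post and not Splunk code: it reads an app's alert_actions.conf and reports whether each command resolves to an executable file in that app's bin/. The app name my_app, the function names and the sample tree are constructed for illustration.

```bash
# Added example (not Splunk code): verify that every alert.execute.cmd in an
# app's alert_actions.conf resolves to an executable file in that app's bin/.

# Print "stanza<TAB>command" for each uncommented alert.execute.cmd setting.
list_alert_cmds() {
    awk '/^[ \t]*#/ { next }
         /^[ \t]*\[/ { gsub(/^[ \t]*\[|\].*$/, ""); stanza = $0; next }
         /^[ \t]*alert\.execute\.cmd[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
             print stanza "\t" $0 }' "$1"
}

# Return 0 only if every command is a file in APP_DIR/bin with an execute bit.
check_app() {
    app_dir=$1; rc=0; tab=$(printf '\t')
    for conf in "$app_dir/default/alert_actions.conf" "$app_dir/local/alert_actions.conf"; do
        [ -f "$conf" ] || continue
        while IFS=$tab read -r stanza cmd; do
            [ -n "$cmd" ] || continue
            case $cmd in
                /*) echo "FAIL [$stanza] $cmd: absolute path, expected a file in $app_dir/bin"; rc=1; continue ;;
            esac
            if [ ! -f "$app_dir/bin/$cmd" ]; then
                echo "FAIL [$stanza] $cmd: not found in $app_dir/bin"; rc=1
            elif [ ! -x "$app_dir/bin/$cmd" ]; then
                echo "FAIL [$stanza] $cmd: missing execute bit"; rc=1
            else
                echo "OK   [$stanza] $cmd"
            fi
        done <<EOF
$(list_alert_cmds "$conf")
EOF
    done
    return $rc
}

# Constructed sample: the stanza from the post in a throwaway app directory
# named my_app (hypothetical), with no script placed in bin/ yet.
make_sample_app() {
    dir=$(mktemp -d)/my_app
    mkdir -p "$dir/local" "$dir/bin"
    printf '%s\n' '[test_custom_alert_action]' 'is_custom = 1' \
        '#alert.execute.cmd = /opt/splunk/bin/scripts/test-script-action.sh' \
        'alert.execute.cmd = test-script-action.sh' > "$dir/local/alert_actions.conf"
    echo "$dir"
}

sample=$(make_sample_app)
check_app "$sample" || echo "Place the script in $sample/bin and chmod +x it"
```

On a real search head, point check_app at the app directory under $SPLUNK_HOME/etc/apps/ instead of the sample tree.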