
ERROR ScriptRunner - stderr from 'C:\Splunk\etc\apps\search\bin\runshellscript.py': ImportError: No module named site

Engager

I configured a scripted alert, then I put myalert.py into $SPLUNK_HOME\bin\scripts. But when the alert is triggered, the script fails with an error (in splunkd.log):
ERROR ScriptRunner - stderr from 'C:\Splunk\etc\apps\search\bin\runshellscript.py': ImportError: No module named site

Splunk Version is 4.3.0
Why?

Thanks a lot.

SavedSearch:
[WebServerMini-alert-script]
action.email.inline = 1
action.email.reportServerEnabled = 0
action.script = 1
action.script.filename = myalert.py
alert.digest_mode = True
alert.severity = 4
alert.suppress = 0
alert.suppress.period = 5s
alert.track = 1
counttype = number of events
cron_schedule = * * * * *
dispatch.earliest_time = -1m@m
dispatch.latest_time = @m
displayview = flashtimeline
enableSched = 1
quantity = 0
relation = greater than
request.ui_dispatch_view = flashtimeline
search = index=fschangemonitor sourcetype="WINSERVER1-Web-Mini"
vsid = gz0wf600

myalert.py:
import sys

# Write each argument Splunk passes to the alert script on its own line
f = open("argv.txt", "w")
for var in sys.argv:
    f.write(var + "\n")
f.close()

0 Karma

Re: ERROR ScriptRunner - stderr from 'C:\Splunk\etc\apps\search\bin\runshellscript.py': ImportError: No module named site

Engager

I solved the question.

I put myalert.py into the %SPLUNK_HOME%\etc\app\search\bin directory, then edited %SPLUNK_HOME%\etc\app\search\default\commands.conf and added the following section:

[myalert]
filename = myalert.py

Then the script runs correctly when the alert is triggered.

0 Karma