Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Getting error when trying to set up an alert for starting a Python script.

msevcik
Explorer
‎06-01-2020 11:31 AM

I am trying to set up an alert that runs a script after finding a result. For some reason, we see this error each time we try to run the script:

06-01-2020 13:20:09.091 -0500 ERROR ModularUtility - Specified filename "/opt/splunk/etc/apps/TA-S3Deleter/bin/s3_file_deleter.py" not found in search path.

06-01-2020 13:20:09.091 -0500 ERROR sendmodalert - action=s3_file_deleter - Failed to find alert.execute.cmd "/opt/splunk/etc/apps/TA-S3Deleter/bin/s3_file_deleter.py".

Here is how the alert_actions.conf is set up:

[s3_file_deleter]
is_custom = 1
label = S3 File Deleter
description = This action passes along a value in filePath to a python script that will delete a file in an S3 bucket.
payload_format = json
alert.execute.cmd = /opt/splunk/etc/apps/TA-S3Deleter/bin/s3_file_deleter.py

The script definitely exists in that directory. I've reviewed a lot of the documentation on this, and there is no good example for simply running a python script. Any insight would be greatly appreciated. Thanks.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-01-2020 02:12 PM

Splunk does not allow random file paths in script commands. Just specify the name of the .py file in alert.execute.cmd and Splunk will fill in the rest.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-01-2020 02:12 PM

Splunk does not allow random file paths in script commands. Just specify the name of the .py file in alert.execute.cmd and Splunk will fill in the rest.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

msevcik
Explorer
‎06-01-2020 02:36 PM

Thank you, Rich, that definitely got it to run. The python script checks for the --execute flag and shuts down if it doesn't see it. We modeled it after a Splunk example python script. Any idea how we should be passing the different arguments to the script? I just want to alert on a certain event and pass along a value from one of fields in that event. Let me know if I need to start a new Splunk Answer. Thanks again.

0 Karma
Reply
Solved! Jump to solution

msevcik
Explorer
‎06-01-2020 02:46 PM

Nevermind, I think I found where you can define the arguments sent to the script here: https://docs.splunk.com/Documentation/Splunk/8.0.3/AdvancedDev/CustomAlertScript

[myjavaaction]
. . .
alert.execute.cmd = java.path
alert.execute.cmd.arg.0 =  -jar
alert.execute.cmd.arg.1 = $SPLUNK_HOME/etc/apps/myapp/bin/my.jar
alert.execute.cmd.arg.2 = --execute
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...