Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I configure a sms alert that can be executed via splunk alert call?

hariskhan
Explorer
‎02-09-2018 03:47 AM

Hi there,
I am trying to configure alert that should run a script. Below are the contents of script.
sms-sending-api-0.0.1-SNAPSHOT.bat is file name fro my script.

============start====================

"C:\Program Files\Java\jre1.8.0_144\bin\java.exe" -jar sms-sending-api-0.0.1-SNAPSHOT.jar

============END====================

sms-sending-api-0.0.1-SNAPSHOT.jar
This is script I am calling via batch file(Since splunk takes batch file as windows script file)

When I set this script as alert my script is not executing via splunk alert call.However, if I double-click the script in scripts directory it gets executed without any issue.
Both script files have read and executed permissions for normal users.
I am getting following error again and again in my splunkd.log file.

Files\Splunk\var\run\splunk\dispatch\rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518169906_4356.1197\metadata.csv
02-09-2018 16:40:24.898 +0500 WARN  DispatchReaper - Failed to read search info for id=rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518169906_4356.1198
02-09-2018 16:40:24.898 +0500 WARN  DispatchSearchMetadata - could not read metadata file: C:\ProgramFiles\Splunk\var\run\splunk\dispatch\rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518169906_4356.1198\metadata.csv

02-09-2018 16:40:25.562 +0500 ERROR script - sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.689 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status code: 1

02-09-2018 16:40:28.610 +0500 ERROR script - sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.690 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status code: 1
02-09-2018 16:40:31.646 +0500 ERROR script sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.691 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status  1

02-09-2018 16:28:30.153 +0500 ERROR script - sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.469 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status 1

CAN someone help in why i am not able to execute this script?

0 Karma
Reply

JDukeSplunk
Builder
‎02-09-2018 09:57 AM

Have you checked the "Is my alert script working?" section of this page?

https://wiki.splunk.com/Community:TroubleshootingAlertScripts

Looks like you can execute the script from within the Splunk GUI using "somesearch here | runshellscript "

This might at least allow you to test easier.

Off the cuff, does the jar file produce a new window, or anything that might be a new element on the desktop when it is executed? This might be a problem if it is trying to execute in the background.

Just guessing.
_JD

0 Karma
Reply

hariskhan
Explorer
‎02-09-2018 07:35 PM

Hi ,
I ran following command to test my script\

index=main sourcetype=access_combined | stats count(eval(method="GET")) as GET | where GET>3 | runshellscript sms-sending-api-0.0.1-SNAPSHOT.bat [ search * | stats count | return count ] 2 3 4 5 6 7 /var/www

and it threw me same error that i saw in splunkd logs.

command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status code: 1

Also when i double click my .bat file script it executes the jar file such that script inside jar file gets executed in same exe that is being called by clicking the .bat file.

0 Karma
Reply

hariskhan
Explorer
‎02-09-2018 07:44 PM

However I tired another script file with following contents and it just ran fine with no errors.
===============START===============
REM
REM This is text output
REM By Haris Khan,salman ahmed and john
REM This is my second line output
REM
REM Script Name: cp01_scripted_input.bat
REM Description: A simple Batch script that will output a timestamp and
REM text to stdout for the purposes of demostrating how a scripted input
REM works in Splunk.
REM

echo This is a test> C:\Users\Admin\Desktop\f1.txt
@ECHO OFF

ECHO [%DATE% %TIME%] Welcome to the world of splunk This recipe tastes grreeaaattt!

===============END===============

0 Karma
Reply

hariskhan
Explorer
‎02-10-2018 04:25 AM

Can anybody help how may i sort this out?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...