I am trying to configure an alert that should run a script. Below are the contents of the script.
sms-sending-api-0.0.1-SNAPSHOT.bat is the file name for my script.
"C:\Program Files\Java\jre1.8.0_144\bin\java.exe" -jar sms-sending-api-0.0.1-SNAPSHOT.jar
This is the script I am calling via a batch file (since Splunk takes a batch file as a Windows script file).
When I set this script as the alert action, my script is not executed via the Splunk alert call. However, if I double-click the script in the scripts directory, it gets executed without any issue.
Both script files have read and execute permissions for normal users.
I am getting the following error again and again in my splunkd.log file.
Files\Splunk\var\run\splunk\dispatch\rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518169906_4356.1197\metadata.csv
02-09-2018 16:40:24.898 +0500 WARN DispatchReaper - Failed to read search info for id=rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518169906_4356.1198
02-09-2018 16:40:24.898 +0500 WARN DispatchSearchMetadata - could not read metadata file: C:\ProgramFiles\Splunk\var\run\splunk\dispatch\rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518169906_4356.1198\metadata.csv
02-09-2018 16:40:25.562 +0500 ERROR script - sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.689 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status code: 1
02-09-2018 16:40:28.610 +0500 ERROR script - sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.690 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status code: 1
02-09-2018 16:40:31.646 +0500 ERROR script sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.691 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status 1
02-09-2018 16:28:30.153 +0500 ERROR script - sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.469 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status 1
Can someone help with why I am not able to execute this script?
Have you checked the "Is my alert script working?" section of this page?
Looks like you can execute the script from within the Splunk GUI using "somesearch here | runshellscript "
This might at least allow you to test easier.
Off the cuff, does the jar file produce a new window, or anything that might be a new element on the desktop when it is executed? This might be a problem if it is trying to execute in the background.
I ran the following command to test my script:
index=main sourcetype=access_combined | stats count(eval(method="GET")) as GET | where GET>3 | runshellscript sms-sending-api-0.0.1-SNAPSHOT.bat [ search * | stats count | return count ] 2 3 4 5 6 7 /var/www
and it threw the same error that I saw in the splunkd logs.
command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status code: 1
Also, when I double-click my .bat file script, it executes the jar file such that the script inside the jar file gets executed in the same exe that is being called by clicking the .bat file.
However, I tried another script file with the following contents and it ran fine with no errors.
REM This is text output
REM By Haris Khan,salman ahmed and john
REM This is my second line output
REM Script Name: cp01_scripted_input.bat
REM Description: A simple Batch script that will output a timestamp and
REM text to stdout for the purposes of demonstrating how a scripted input
REM works in Splunk.
echo This is a test> C:\Users\Admin\Desktop\f1.txt
ECHO [%DATE% %TIME%] Welcome to the world of splunk This recipe tastes grreeaaattt!
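A diagnostic wrapper for the failing alert script discussed in this thread, added here as an example and not part of any post: it records the account and working directory the script actually runs under when splunkd launches it, checks where the jar is visible from, and keeps the Java output next to the exit code. Assumptions: the jar sits in the same folder as the .bat file (as the double-click test implies), and `DEBUG_LOG` is a hypothetical log location writable by the account splunkd runs as; unlike the posted script, it starts the jar by absolute path.

```batch
@echo off
REM Added diagnostic wrapper, not part of the original posts.
REM Assumptions: the jar sits next to this .bat file, and DEBUG_LOG is a
REM hypothetical log location writable by the account splunkd runs as.
setlocal
set "JAVA_EXE=C:\Program Files\Java\jre1.8.0_144\bin\java.exe"
set "JAR_NAME=sms-sending-api-0.0.1-SNAPSHOT.jar"
set "DEBUG_LOG=%TEMP%\sms-alert-debug.log"

REM Record the context the script runs in. A double-click from Explorer
REM starts in the script's own folder as the logged-on user; a launch by
REM the splunkd service may use a different account and working directory.
>>"%DEBUG_LOG%" echo ==== [%DATE% %TIME%] alert script started
>>"%DEBUG_LOG%" echo user=%USERNAME%
>>"%DEBUG_LOG%" echo working_dir=%CD%
>>"%DEBUG_LOG%" echo script_dir=%~dp0

REM A relative -jar path is resolved against working_dir, so check both places.
set "IN_CWD=no"
if exist "%JAR_NAME%" set "IN_CWD=yes"
set "IN_SCRIPT_DIR=no"
if exist "%~dp0%JAR_NAME%" set "IN_SCRIPT_DIR=yes"
set "JAVA_FOUND=no"
if exist "%JAVA_EXE%" set "JAVA_FOUND=yes"
>>"%DEBUG_LOG%" echo jar_in_working_dir=%IN_CWD% jar_in_script_dir=%IN_SCRIPT_DIR% java_exe_found=%JAVA_FOUND%

REM Run the jar by absolute path and append its stdout and stderr to the log,
REM so any Java error message is kept alongside the exit code.
"%JAVA_EXE%" -jar "%~dp0%JAR_NAME%" >>"%DEBUG_LOG%" 2>&1
set "RC=%ERRORLEVEL%"
>>"%DEBUG_LOG%" echo exit_code=%RC%

REM Hand the real exit code back so splunkd.log still reports failures.
endlocal & exit /b %RC%
```

Comparing the log entries from a double-click run with those from an alert-triggered run shows which of the recorded values differs between the two launches.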