How can I configure an SMS alert that can be executed via a Splunk alert call?

Explorer

Hi there,
I am trying to configure an alert that should run a script. Below are the contents of the script.
sms-sending-api-0.0.1-SNAPSHOT.bat is the file name for my script.

============start====================

"C:\Program Files\Java\jre1.8.0_144\bin\java.exe" -jar sms-sending-api-0.0.1-SNAPSHOT.jar

============END====================

sms-sending-api-0.0.1-SNAPSHOT.jar
This is the script I am calling via the batch file (since Splunk takes a batch file as a Windows script file).

When I set this script as an alert, my script is not executing via the Splunk alert call. However, if I double-click the script in the scripts directory, it gets executed without any issue.
Both script files have read and execute permissions for normal users.
I am getting the following error again and again in my splunkd.log file.

Files\Splunk\var\run\splunk\dispatch\rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518169906_4356.1197\metadata.csv
02-09-2018 16:40:24.898 +0500 WARN  DispatchReaper - Failed to read search info for id=rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518169906_4356.1198
02-09-2018 16:40:24.898 +0500 WARN  DispatchSearchMetadata - could not read metadata file: C:\ProgramFiles\Splunk\var\run\splunk\dispatch\rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518169906_4356.1198\metadata.csv

02-09-2018 16:40:25.562 +0500 ERROR script - sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.689 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status code: 1

02-09-2018 16:40:28.610 +0500 ERROR script - sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.690 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status code: 1
02-09-2018 16:40:31.646 +0500 ERROR script sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.691 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status  1

02-09-2018 16:28:30.153 +0500 ERROR script - sid:rt_scheduler__admin__search__RMD5bd56850edde83432_at_1518174087_0.469 command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status 1

Can someone help with why I am not able to execute this script?

0 Karma

Builder

Have you checked the "Is my alert script working?" section of this page?

https://wiki.splunk.com/Community:TroubleshootingAlertScripts

Looks like you can execute the script from within the Splunk GUI using "somesearch here | runshellscript "

This might at least allow you to test easier.

Off the cuff, does the jar file produce a new window, or anything that might be a new element on the desktop when it is executed? This might be a problem if it is trying to execute in the background.

Just guessing.
_JD

0 Karma

Explorer

Hi,
I ran the following command to test my script:

index=main sourcetype=access_combined | stats count(eval(method="GET")) as GET | where GET>3 | runshellscript sms-sending-api-0.0.1-SNAPSHOT.bat [ search * | stats count | return count ] 2 3 4 5 6 7 /var/www

and it threw the same error that I saw in the splunkd logs.

command="runshellscript", Script: C:\Program Files\Splunk\bin\scripts\sms-sending-api-0.0.1-SNAPSHOT.bat exited with status code: 1

Also, when I double-click my .bat file script, it executes the jar file such that the script inside the jar file gets executed in the same exe that is being called by clicking the .bat file.

0 Karma

Explorer

However, I tried another script file with the following contents and it ran fine with no errors.
===============START===============
REM
REM This is text output
REM By Haris Khan,salman ahmed and john
REM This is my second line output
REM
REM Script Name: cp01_scripted_input.bat
REM Description: A simple Batch script that will output a timestamp and
REM text to stdout for the purposes of demonstrating how a scripted input
REM works in Splunk.
REM

echo This is a test> C:\Users\Admin\Desktop\f1.txt
@ECHO OFF

ECHO [%DATE% %TIME%] Welcome to the world of splunk This recipe tastes grreeaaattt!

===============END===============

0 Karma

Explorer

Can anybody help with how I may sort this out?

0 Karma
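
A diagnostic wrapper for the failing sms-sending-api-0.0.1-SNAPSHOT.bat discussed in this thread, added here as an example and not code from any of the posters or from Splunk. It records the account, working directory, Java output and exit code each time the alert fires, so the "exited with status code: 1" entries in splunkd.log can be traced to a cause. Assumptions: the jar sits in the same directory as the .bat file, %TEMP% is writable by the account running splunkd, and the log file name sms_alert_debug.log is hypothetical.

```batch
@ECHO OFF
SETLOCAL
REM Added diagnostic wrapper (example code, not the poster's script).
REM Assumption: the jar is stored next to this .bat file.
SET "SCRIPT_DIR=%~dp0"
SET "JAVA_EXE=C:\Program Files\Java\jre1.8.0_144\bin\java.exe"
SET "JAR=%SCRIPT_DIR%sms-sending-api-0.0.1-SNAPSHOT.jar"
REM Assumption: %TEMP% is writable by the splunkd service account.
REM The log file name is hypothetical.
SET "LOG=%TEMP%\sms_alert_debug.log"

REM Record who is running the script and from where. Under splunkd these
REM can differ from an interactive double-click in Explorer.
>>"%LOG%" ECHO [%DATE% %TIME%] start user=%USERNAME% cwd="%CD%"

REM Fail with distinct exit codes so splunkd.log shows which check failed.
IF NOT EXIST "%JAVA_EXE%" (
    >>"%LOG%" ECHO java.exe not found: "%JAVA_EXE%"
    EXIT /B 2
)
IF NOT EXIST "%JAR%" (
    >>"%LOG%" ECHO jar not found: "%JAR%"
    EXIT /B 3
)

REM Call the jar by absolute path and run from the script directory, so
REM nothing depends on the working directory the caller happened to use.
PUSHD "%SCRIPT_DIR%"
"%JAVA_EXE%" -jar "%JAR%" >>"%LOG%" 2>&1
SET "RC=%ERRORLEVEL%"
POPD

REM Keep Java's stdout, stderr and exit code, then hand the code to Splunk.
>>"%LOG%" ECHO [%DATE% %TIME%] java exit code=%RC%
EXIT /B %RC%
```

Running it once by double-click and once from the alert gives two log entries whose user, cwd and Java output can be compared directly.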