How do I get the parameters passed to the batch script in an alert action?

axl88
Communicator

I have a .bat script that calls a PowerShell script as an alert action. I am trying to make my batch script reusable with different parameters from Alert actions.

My batch script is like:

@echo off
set psdir=E:\Temp\%1
E:
@powershell %psdir%

When I run the batch script from CMD with parameters, I have no issues, PS runs great and it does what it needs to do.
If I hard code the PS path and run BAT as an alert action without parameters, it works as well.

When I try to run it from Alert actions with parameters, it fails. My bat file is located in Splunk_Home\bin\scripts
Alert action is like:

mybat.bat myps1.ps1

Thanks up front for your time and help.


Masa
Splunk Employee

You should avoid such a solution using an argument for a post-script alert. Splunk will pass the required arguments. Maybe your batch script can decide which PowerShell script to run based on the saved search name passed from Splunk.


axl88
Communicator

Thanks for the response. The reason I came up with this solution is to add/remove PS scripts without Splunk server intervention. I just want to use UI setup for alerts going forward and keep my PS scripts somewhere that the Splunk server can access.
I was wondering if "\" (backslashes) of the path might be the problem for Splunk. Can I escape them as regex?


Masa
Splunk Employee

Your idea itself sounds good.
Sorry, but the UI input for the post script is there to check for an executable file (script) in a proper location. So you need to avoid arguments in the Alert action script field.
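
One way to follow the suggestion above while still adding scripts without touching the Splunk server, as an added example that is not part of the original thread: the alert's script field names only an argument-free wrapper, and a PowerShell dispatcher picks the script from the saved search name. It assumes Splunk's legacy script alert action exposes that name as the environment variable SPLUNK_ARG_4; the file name dispatch.ps1, the wrapper line and the naming convention are assumptions.

```powershell
# dispatch.ps1 (hypothetical name): added example, not code from the thread.
# Assumed wrapper, the only thing named in the alert's script field, e.g.
# mybat.bat in Splunk_Home\bin\scripts containing one line:
#   @powershell.exe -NoProfile -NonInteractive -File "%~dp0dispatch.ps1"
# Assumption: Splunk's legacy script alert action sets SPLUNK_ARG_4 to the
# saved search name (the same value it passes as positional argument 4).
# Assumed convention: saved search "disk_cleanup" runs E:\Temp\disk_cleanup.ps1.

$ScriptRoot = 'E:\Temp'   # script directory from the question

function Resolve-AlertScript {
    param([string]$SearchName, [string]$Root)

    # The saved search name is set by whoever creates the alert, so treat it
    # as untrusted: letters, digits, "_" and "-" only. This rejects path
    # separators, "..", quotes, spaces and shell metacharacters.
    if ($SearchName -notmatch '\A[A-Za-z0-9_-]{1,64}\z') { return $null }

    $rootFull = [System.IO.Path]::GetFullPath($Root).TrimEnd('\') + '\'
    $candidate = [System.IO.Path]::Combine($rootFull, $SearchName + '.ps1')
    $full = [System.IO.Path]::GetFullPath($candidate)

    # Defence in depth: the resolved path must stay under the root and must
    # be an existing file.
    $inside = $full.StartsWith($rootFull, [System.StringComparison]::OrdinalIgnoreCase)
    if (-not $inside) { return $null }
    if (-not (Test-Path -LiteralPath $full -PathType Leaf)) { return $null }
    return $full
}

$target = Resolve-AlertScript -SearchName $env:SPLUNK_ARG_4 -Root $ScriptRoot
if ($null -eq $target) {
    # Fail closed: an unknown or malformed name runs nothing.
    Write-Error "No script for saved search '$($env:SPLUNK_ARG_4)'; nothing run."
    exit 1
}

& $target
exit $LASTEXITCODE
```

With this layout, adding a script means dropping a file into E:\Temp and naming the saved search after it; the alert's script field stays mybat.bat with no arguments.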


axl88
Communicator

OK, this question might be unrelated to what I asked, but do you know if there is any way to run a saved search as an alert action, like a post script?


Masa
Splunk Employee

( ref: https://answers.splunk.com/answers/2378/running-a-saved-search-from-the-command-line-interface-cli.h... )

In a script, run a Splunk search:
$SPLUNK_HOME/bin/splunk search '| savedsearch "$saved_search_name$"' -app $my_app_name$ -auth admin:changeme

axl88
Communicator

Thanks man
