Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I get the parameters passed to the batch script in an alert action?

axl88
Communicator
‎06-08-2016 02:05 PM

I have a .bat script that calls a Powershell script as an alert action. I am trying to make my batch script re-usable with different parameters from Alert actions.

My batch script is like:

@echo off
set psdir=E:\Temp\%1
E:
@powershell %psdir%

When I run the batch script from CMD with parameters, I have no issues, PS runs great and it does what it needs to do.
If I hard code the PS path and run BAT as an alert action without parameters, it works as well.

When I try to run it from Alert actions with parameters, it fails. My bat file is located in Splunk_Home\bin\scripts
Alert action is like:

mybat.bat myps1.ps1

Thanks up front for your time and help.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Masa
Splunk Employee
Splunk Employee
‎06-08-2016 02:54 PM

You should avoid such solution using an argument for post script alert. Splunk will pass required arguments. Maybe your batch script can decided which powershell script to run based on saved search name passed from Splunk.

View solution in original post

Reply
Solved! Jump to solution
Solution

Masa
Splunk Employee
Splunk Employee
‎06-08-2016 02:54 PM

You should avoid such solution using an argument for post script alert. Splunk will pass required arguments. Maybe your batch script can decided which powershell script to run based on saved search name passed from Splunk.

Reply
Solved! Jump to solution

axl88
Communicator
‎06-08-2016 03:32 PM

Thanks for the response. Reason I came up with this solution is to add/remove PS scripts without Splunk server intervention. I just want to use UI setup for alerts going forward and keep my PS scripts somewhere that Splunk server can access.
I was wondering if "\" (backslashes) of the path might be the problem for Splunk. Can I escape them as regex?

0 Karma
Reply
Solved! Jump to solution

Masa
Splunk Employee
Splunk Employee
‎06-08-2016 03:47 PM

Your idea itself sounds good.
Sorry but the UI input for post script is to check executable file (script) in a proper location. So, you need to avoid argument in the Alert action script field.

0 Karma
Reply
Solved! Jump to solution

axl88
Communicator
‎06-09-2016 09:04 AM

ok, this question might be unrelated to what i ask, but do you know if there is anyway to run a saved search as alert action like post script?

0 Karma
Reply
Solved! Jump to solution

Masa
Splunk Employee
Splunk Employee
‎06-09-2016 10:12 AM

( ref: https://answers.splunk.com/answers/2378/running-a-saved-search-from-the-command-line-interface-cli.h... )

In a script, run a Splunk search,
$SPLUNK_HOME/bin/splunk search '| savedsearch "$saved_search_name$" -app $my_app_name$' -auth admin:changeme

Reply
Solved! Jump to solution

axl88
Communicator
‎06-09-2016 10:18 AM

Thanks man

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...