I have a .bat script that calls a Powershell script as an alert action. I am trying to make my batch script re-usable with different parameters from Alert actions.
My batch script is like:
@echo off set psdir=E:\Temp\%1 E: @powershell %psdir%
When I run the batch script from CMD with parameters, I have no issues, PS runs great and it does what it needs to do.
If I hard code the PS path and run BAT as an alert action without parameters, it works as well.
When I try to run it from Alert actions with parameters, it fails. My bat file is located in Splunk_Home\bin\scripts
Alert action is like:
Thanks up front for your time and help.
You should avoid such solution using an argument for post script alert. Splunk will pass required arguments. Maybe your batch script can decided which powershell script to run based on saved search name passed from Splunk.
Thanks for the response. Reason I came up with this solution is to add/remove PS scripts without Splunk server intervention. I just want to use UI setup for alerts going forward and keep my PS scripts somewhere that Splunk server can access.
I was wondering if "\" (backslashes) of the path might be the problem for Splunk. Can I escape them as regex?
Your idea itself sounds good.
Sorry but the UI input for post script is to check executable file (script) in a proper location. So, you need to avoid argument in the Alert action script field.
ok, this question might be unrelated to what i ask, but do you know if there is anyway to run a saved search as alert action like post script?
In a script, run a Splunk search,
$SPLUNKHOME/bin/splunk search '| savedsearch "$savedsearchname$" -app $myapp_name$' -auth admin:changeme