Alerting

Run a script from an alert

manalhadrach
New Member

Hello everyone,

I need your help please.
I am trying to run the same script from an alert.
My script is in: /apps/my_app/bin/scripts/my_script.sh
I changed the permissions (everyone can read, write and execute the script) and the owner is splunk.
My log file is in /apps/my_app/bin/scripts/log_file.log (everyone can read, write and execute the log file) and the owner is splunk.

The sh script is:

   DATE=`date '+%Y/%m/%d'`
   echo $DATE  >> /srv/opt/splunk/etc/apps/my_app/bin/scripts/log_file.log

Nothing happens, my file (log_file.log) is not modified, and I don't know where I can check the errors or problems due to the execution of the script from the alert.
First question: Where can we check the logs of the execution of the alert (if the script is running or if there is a problem)?
Second question: Is there something I should do to enable running a script from an alert? Can someone explain the steps we need to do to make the alert run the script?

PS: I've already read the Splunk doc.

Thank you for your help

0 Karma

bhavikbhalodia
Path Finder

Hi @manalhadrach ,

You can check the script's errors by running the query below.

index="_internal" "cpu.sh"

Thanks,
Bhavik

0 Karma

harsmarvania57
Ultra Champion

Hi,

After creating the script, you need to configure that script in the scheduled search; have a look at this document: https://docs.splunk.com/Documentation/Splunk/7.2.3/Alert/Runscriptaction.

Additionally, the Run a Script alert action is officially deprecated. It has been replaced with custom alert actions as a more scalable and robust framework for integrating custom actions. See About custom alert actions for implementation and migration information.

rajashaey
Engager

I have a requirement and am not sure if I can achieve this through this method. For example, if I create a search which is not logging or down, can I create and run a custom script to check, by telnetting or pinging, the results that came from the search? Is this possible? How can I pass the values of the hostnames to the script?

0 Karma

PickleRick
SplunkTrust

1. This is a very old thread. You have a new problem, possibly only partially (if at all) connected to the original question. Please create a new thread describing your goal and what you tried so far.

2. Speaking of "what you tried so far" - have you checked the docs? Have you tried doing anything on your own yet?

0 Karma
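
An added example, not code posted by anyone in this thread or shipped by Splunk: a sketch of the kind of custom alert action script that the deprecation note above points to, which also covers the later question about passing hostnames to a script. It assumes the search returns a `host` field and that a Linux `ping` is installed; the search name, sid and host values are constructed.

```python
import json
import re
import subprocess
import sys

# One RFC 1123 label: letters, digits, hyphens, no leading or trailing hyphen.
# Search results are untrusted input; rejecting a leading "-" also stops a
# value from being read by ping as an option.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def valid_hostname(value):
    if not isinstance(value, str) or not 0 < len(value) <= 253:
        return False
    return all(LABEL.fullmatch(label) for label in value.split("."))

def host_from_payload(raw, field="host"):
    """Return the validated host from the first result row, or None."""
    payload = json.loads(raw)
    host = (payload.get("result") or {}).get(field)
    return host if valid_hostname(host) else None

def ping_command(host):
    # Argument list, never a shell string: no metacharacter is interpreted.
    return ["ping", "-c", "1", "-W", "2", host]  # Linux iputils flags

def main(argv, stdin):
    # Splunk starts a custom alert action script with "--execute" and
    # sends the alert payload as JSON on stdin.
    if len(argv) < 2 or argv[1] != "--execute":
        print("FATAL expected --execute", file=sys.stderr)
        return 1
    host = host_from_payload(stdin.read())
    if host is None:
        print("ERROR missing or invalid host field in result", file=sys.stderr)
        return 2
    rc = subprocess.run(ping_command(host), stdout=subprocess.DEVNULL).returncode
    # stderr ends up in splunkd.log, so it is searchable in index=_internal.
    print(f"INFO host={host} ping_rc={rc}", file=sys.stderr)
    return 0

# Constructed sample payload, not captured from a real Splunk instance.
SAMPLE = json.dumps({"search_name": "hosts_not_logging", "sid": "constructed_sid",
                     "result": {"host": "web01.example.com"}})

if __name__ == "__main__":
    sys.exit(main(sys.argv, sys.stdin))
```

The payload's `result` key carries only the first result row; to act on every row, trigger the alert once per result or read the file named in the payload's `results_file` key.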