Alerting
Highlighted

Run a script from an alert

New Member

Hello everyone,

I need your help please.
I am trying to run the same script from an alert.
My script is in : /apps/myapp/bin/scripts/myscript.sh
I changed the permissions (everyone can read, write and execute the script) and the owner is splunk.
My log file is in /apps/myapp/bin/scripts/logfile.log (everyone can read, write and execute the log file) and the owner is splunk.

The sh script is :

   DATE=`date '+%Y/%m/%d'`
   echo $DATE  >> /srv/opt/splunk/etc/apps/my_app/bin/scripts/log_file.log

Nothing happens, my file (log_file.log) is not modified, and II don't know where can I check the erros or problems due to the execution of the script from the alert.
First question : Where can we check the logs of the execution of the alert (if the script is running or if there is a problem)?
Second question: Is there something I should do enable running a script from an alert ? Can someone explain the steps we need to do to make the alert run the script ?

PS : I've already read the splunk doc.

Thank you for your help

Tags (3)
0 Karma
Highlighted

Re: Run a script from an alert

SplunkTrust
SplunkTrust

Hi,

After creating script, you need to configure that script in Schedule Search, have a look at this document https://docs.splunk.com/Documentation/Splunk/7.2.3/Alert/Runscriptaction.

Additionally Run a Script alert action is officially deprecated. It has been replaced with custom alert actions as a more scalable and robust framework for integrating custom actions. See About custom alert actions for implementation and migration information.

Highlighted

Re: Run a script from an alert

Path Finder

Hi @manalhadrach ,

You can check error of script by running below query.

index="_internal" "cpu.sh"

Thanks,
Bhavik

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.