I am trying to use a powershell scripted alert.
I came up with the scripted alert
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -File "E:\Program Files\Splunk\bin\scripts\Script1.ps1"
the problem with this is that i don't seem to have access to the environmental variables to grab the attached csv for the results.
anyone able to run a scripted powershell alert?
This should be set in bat file.
C:WindowsSystem32WindowsPowerShellv1.0powershell.exe -NoProfile -File "E:Program FilesSplunkbinscriptsScript1.ps1" "%SPLUNK_ARG_0%", "%SPLUNK_ARG_1%", "%SPLUNK_ARG_2%", "%SPLUNK_ARG_3%", "%SPLUNK_ARG_4%", "%SPLUNK_ARG_5%", "%SPLUNK_ARG_6%", "%SPLUNK_ARG_7%", "%SPLUNK_ARG_8%"
then in ps script $args[i], as per need.
Where did you pass the environment variables? the bat file should contain the "%SPLUNK_ARG_7%", "%SPLUNK_ARG_8%" which passes the csv /search id? I dont know how you are getting the result and emailing but this should be passed to .ps1 script to make any splunk result manipulation.
Check with Splunk\bin\scripts echo.bat and try to work again.
That won't help with an alert driven by a Splunk search. Today, the only options for an alert action are email or script. The resource kit is cool, though, as is the PowerShell addon, which every Splunk Windows shop needs to see http://apps.splunk.com/app/1477/
Your script should inherit the environment from the parent process. Try enumerating $env:, it's a special variable that contains the env vars. you would access it like this:
So, to get your windows install folder, that would be $env:windir. There are many docs and posts about this topic, here's one: http://technet.microsoft.com/en-us/library/ff730964.aspx
HTH, let us know