Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Triggering script from alert

bharatkalra
New Member
‎05-20-2013 08:19 AM

Hi,

I have an alert set up in splunk which runs every 30 minutes, the alert is running fine as I am receiving the email properly. I also have enabled a test.sh script on the splunk server and want it to be executed when the alert is run. Permission of the script is 755 which shouldn't be any issue. Script is located at /home/splunk/bin/scripts as specified in the help manual. Script is running fine when run manually, but somehow it is not getting executed from splunk. Even there is no entry in splunkd.log file for the execution. Script is nothing but an echo and creation of a .log file at the same location, which is not being created as of now.

Could somebody help me in this situation, would really appreciate. Let me know if I am doing something wrong or if there is anything missing from my part.

Thanks in Advance!!

Tags (3)
0 Karma
Reply

bharatkalra
New Member
‎05-20-2013 09:00 AM

Hello Kristian,

Thanks for responding to my question.

I also wondered to the point you made. But actually, /opt has a soft link splunk which is pointing to /home/splunk so it doesn't make any difference of the location as both are same location.

Best Regards,
Bharat Kalra

0 Karma
Reply

kristian_kolb
Ultra Champion
‎05-20-2013 08:53 AM

Did you put it in /home/splunk/bin/scripts? That is not likely to work.

You might be mixing it up with $SPLUNK_HOME, which is the base directory of the Splunk installation (and not the home-dir of the splunk user).

On *nix systems that usually is /opt/splunk and on win*-systems it is c:\program files\splunk.

So put your script in /opt/splunk/bin/scripts (or it's windows equivalent).

Hope this helps,

K

0 Karma
Reply

kristian_kolb
Ultra Champion
‎05-21-2013 03:43 AM

have you looked at the splunkd.log for error messages?

0 Karma
Reply

bharatkalra
New Member
‎05-20-2013 09:01 AM

Hello Kristian,

Thanks for responding to my question.

I also wondered to the point you made. But actually, /opt has a soft link splunk which is pointing to /home/splunk so it doesn't make any difference of the location as both are same location.

Best Regards,
Bharat Kalra

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...