Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why do I not get any output from Argument 6 from a splunk alert script?

tshay
Engager
‎05-08-2015 08:26 AM

In Splunk 6.2.2, I am trying to run a script to output a link to the saved search using argument 6 found here: http://wiki.splunk.com/Community:Use_Splunk_alerts_with_scripts_to_create_a_ticket_in_your_ticketing...

Arguments 1-5 and 8 are working correctly, however argument 6 does not return anything. This is the batch file I am using:
@echo off
echo %SPLUNK_ARG_6% > "C:\Users[username]\Documents\Splunk\test_output.txt"

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Yasaswy
Contributor
‎05-08-2015 09:59 AM

Hi.. just curious on what you are seeing for %SPLUNK_ARG_8%. Typically the same could be expected for 6 as well... might lend a clue.
eg:

Assuming this is from an app... path can be relative

6) http://yoursplunk:8000/app/appname/@go?sid=abcdef
vs 
8)/PathTo_splunk/var/run/splunk/dispatch/abcdef/results.csv.gz

View solution in original post

Reply
Solved! Jump to solution
Solution

Yasaswy
Contributor
‎05-08-2015 09:59 AM

Hi.. just curious on what you are seeing for %SPLUNK_ARG_8%. Typically the same could be expected for 6 as well... might lend a clue.
eg:

Assuming this is from an app... path can be relative

6) http://yoursplunk:8000/app/appname/@go?sid=abcdef
vs 
8)/PathTo_splunk/var/run/splunk/dispatch/abcdef/results.csv.gz
Reply
Solved! Jump to solution

tshay
Engager
‎05-08-2015 12:55 PM

Hi,

This is what I am getting for %SPLUNK_ARG_8%:C:/ProgramFiles/Splunk/var/run/splunk/dispatch/rt_scheduler_adminsearch_errorcode20_at_1431029291_8.55/per_result_alert/tmp_8.csv.gz

When I go to
//localhost:8000/app/search/@go?sid=rt_scheduler_adminsearch_errorcode20_at_1431029291_8.55

The link brings up the search! Thanks for your help. Arg 6 is still not working for me through a script, but I can just scrape the info from arg 8.

Thanks again

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...