Why does the output for triggered alert scripts in Splunk contain ^ (hats/caret) characters?


I am calling a script on a triggered alert to send an snmp trap, but it was coming across like this.

"index^=common^ sourcetype^=processor^ source^=*Online*^ ^(REQ^ OR^ RSP^)^ earliest^=-5m@m^ latest^=now^ ^

I thought it was something snmp was doing but i redirected the output via a batch script and it's coming directly from Splunk as the values being passed.

What would be causing these?

0 Karma


good question...

0 Karma



Saw this - hope its useful:

This script is very used, I use it myself and never had problems.


Rodrigo Ribeiro

0 Karma
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...