Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Why is my alert script output in Chinese characters?

alaking
Explorer
‎01-06-2016 01:30 PM

I wrote a script that does the following:

cat $SPLUNK_ARG_8 > /tmp/$SPLUNK_ARG_4.csv

Unfortunately, I am getting lots of characters similar to: 噪 instead of the logs. The logs are in English, and I can read them. The script output is not. I am running Splunk on Redhat. Has anyone encountered this kind of error before?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alaking
Explorer
‎01-07-2016 05:31 AM

I figured it out, but for the sake of clarity: $SPLUNK_ARG_8 is a gzip file. I would like to suggest that this be noted in the docs under the scripting area.
Hope this helps.

View solution in original post

Reply
Solved! Jump to solution
Solution

alaking
Explorer
‎01-07-2016 05:31 AM

I figured it out, but for the sake of clarity: $SPLUNK_ARG_8 is a gzip file. I would like to suggest that this be noted in the docs under the scripting area.
Hope this helps.

Reply
Solved! Jump to solution

frobinson_splun
Splunk Employee
Splunk Employee
‎01-07-2016 09:24 AM

Hi @alaking,

I can make a note of this in our documentation.

I noticed that this previous Answers posts also mentions that the raw data file is in gzip format:
https://answers.splunk.com/answers/227220/output-search-results-from-alert-to-syslog-retriev.html

Just so you know, scripted alerts are deprecated. Depending on the software version you have, you might consider a custom alert action instead. Here is a link to our documentation on creating custom alert actions:
http://docs.splunk.com/Documentation/Splunk/6.3.1511/AdvancedDev/ModAlertsIntro

Hope this helps!

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...