Alerting

Why is my alert script output in Chinese characters?

Explorer

I wrote a script that does the following:

cat $SPLUNK_ARG_8 > /tmp/$SPLUNK_ARG_4.csv

Unfortunately, I am getting lots of characters similar to: 噪 instead of the logs. The logs are in English, and I can read them. The script output is not. I am running Splunk on Redhat. Has anyone encountered this kind of error before?

0 Karma
1 Solution

Explorer

I figured it out, but for the sake of clarity: $SPLUNK_ARG_8 is a gzip file. I would like to suggest that this be noted in the docs under the scripting area.
Hope this helps.

View solution in original post

Explorer

I figured it out, but for the sake of clarity: $SPLUNK_ARG_8 is a gzip file. I would like to suggest that this be noted in the docs under the scripting area.
Hope this helps.

View solution in original post

Splunk Employee
Splunk Employee

Hi @alaking,

I can make a note of this in our documentation.

I noticed that this previous Answers posts also mentions that the raw data file is in gzip format:
https://answers.splunk.com/answers/227220/output-search-results-from-alert-to-syslog-retriev.html

Just so you know, scripted alerts are deprecated. Depending on the software version you have, you might consider a custom alert action instead. Here is a link to our documentation on creating custom alert actions:
http://docs.splunk.com/Documentation/Splunk/6.3.1511/AdvancedDev/ModAlertsIntro

Hope this helps!

Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!