Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Alerting
- :
- Why is triggering an alert not running the script?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is triggering an alert not running the script?
Hi,
It's been two days and I'm trying to solve this problem, I'm quite new to splunk and I want to run a script from a triggred alarm.
I've configured an alarm to execute two action:
1) send an email
2) run a script
I do receive the email but the shell script is not executed, the log file (splunkd.log) shows this error:
rt_scheduler__admin__search__RMD5311cfcc34c99c9e6_at_1523539181_68344.1380 command="runshellscript", Script: /opt/splunk/bin/scripts/ exited with status code: 1
I tried Script trouble shooting but it didn't help.
I'm using the version 6.5.3 of splunk.
Hope you can help me with this.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As mentioned by @DalJeanis, this is most likely related to the script being not correct. Try running it like Splunk would:
- Start a Splunk shell:
/opt/splunk/bin/splunk /bin/bash - In this shell start the script:
/opt/splunk/bin/splunk cmd <scriptnamehere>and see what happens
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you guys, the problem is solved. the issue indeed was with the script and Splunk shell didn't have the necessary libraries (OPENSSL_1.0.1) to execute it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks for providing the solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
where do we need the libraries and which libraries we need to place in order to run the shell script/sql
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've also seen times when status code 1 was a badly written python script. wrong number of spaces on a line if I recall correctly.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi refer this thread here - https://answers.splunk.com/answers/329819/alert-manager-script-exit-status-1.html
Looks like an issue with the script target . It could be an issue with the privileges that splunk needs to access your script target
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
