Hi,
It's been two days and I'm trying to solve this problem, I'm quite new to splunk and I want to run a script from a triggred alarm.
I've configured an alarm to execute two action:
1) send an email
2) run a script
I do receive the email but the shell script is not executed, the log file (splunkd.log) shows this error:
rt_scheduler__admin__search__RMD5311cfcc34c99c9e6_at_1523539181_68344.1380 command="runshellscript", Script: /opt/splunk/bin/scripts/ exited with status code: 1
I tried Script trouble shooting but it didn't help.
I'm using the version 6.5.3 of splunk.
Hope you can help me with this.
As mentioned by @DalJeanis, this is most likely related to the script being not correct. Try running it like Splunk would:
/opt/splunk/bin/splunk /bin/bash
/opt/splunk/bin/splunk cmd <scriptnamehere>
and see what happens cheers, MuS
Thank you guys, the problem is solved. the issue indeed was with the script and Splunk shell didn't have the necessary libraries (OPENSSL_1.0.1) to execute it.
thanks for providing the solution
where do we need the libraries and which libraries we need to place in order to run the shell script/sql
I've also seen times when status code 1 was a badly written python script. wrong number of spaces on a line if I recall correctly.
Hi refer this thread here - https://answers.splunk.com/answers/329819/alert-manager-script-exit-status-1.html
Looks like an issue with the script target . It could be an issue with the privileges that splunk needs to access your script target