Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is triggering an alert not running the script?

redouane_prx
Engager
‎04-13-2018 04:46 AM

Hi,

It's been two days and I'm trying to solve this problem, I'm quite new to splunk and I want to run a script from a triggred alarm.

I've configured an alarm to execute two action:
1) send an email
2) run a script

I do receive the email but the shell script is not executed, the log file (splunkd.log) shows this error:

rt_scheduler__admin__search__RMD5311cfcc34c99c9e6_at_1523539181_68344.1380 command="runshellscript", Script: /opt/splunk/bin/scripts/ exited with status code: 1

I tried Script trouble shooting but it didn't help.

I'm using the version 6.5.3 of splunk.

Hope you can help me with this.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎04-13-2018 03:31 PM

As mentioned by @DalJeanis, this is most likely related to the script being not correct. Try running it like Splunk would:

  1. Start a Splunk shell: /opt/splunk/bin/splunk /bin/bash
  2. In this shell start the script: /opt/splunk/bin/splunk cmd <scriptnamehere> and see what happens

cheers, MuS

0 Karma
Reply

redouane_prx
Engager
‎04-16-2018 01:52 AM

Thank you guys, the problem is solved. the issue indeed was with the script and Splunk shell didn't have the necessary libraries (OPENSSL_1.0.1) to execute it.

Reply

logloganathan
Motivator
‎04-16-2018 06:03 AM

thanks for providing the solution

0 Karma
Reply

sagar0907
Engager
‎11-25-2019 01:45 AM

where do we need the libraries and which libraries we need to place in order to run the shell script/sql

0 Karma
Reply

DalJeanis
Legend
‎04-13-2018 01:16 PM

I've also seen times when status code 1 was a badly written python script. wrong number of spaces on a line if I recall correctly.

0 Karma
Reply

Sukisen1981
Champion
‎04-13-2018 11:25 AM

Hi refer this thread here - https://answers.splunk.com/answers/329819/alert-manager-script-exit-status-1.html
Looks like an issue with the script target . It could be an issue with the privileges that splunk needs to access your script target

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...