Alerting

alert_actions.conf on Splunk Forwarder

Regleston
New Member

I am looking into the ability to set a script to run when an alert is triggered. My Splunk GUI tells me that the option to trigger a command is deprecated. So I started looking into creating alert_actions.conf. Can this file be in /system/local on the forwarder and not on the DC or DS? Also if the alert is setup through the GUI would I be able to just reference the alert name in alert_actions.conf and configure the command trigger on the forwarder?

Tags (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

You can put the file on the forwarder, but it won't do any good. Forwarders do not process alerts - search heads do that.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

You can put the file on the forwarder, but it won't do any good. Forwarders do not process alerts - search heads do that.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

Regleston
New Member

That's what I thought would be the case but wanted to confirm, thanks Rich.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.