Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

alert scripts: where do stdout and stderr go

wegscd
Contributor
‎09-11-2014 07:32 AM

I'm working on some alert scripts, and trying to get debugging information out of them.

I can't figure out where stderr and stdout are going: I write to them, but nothing shows up in the _internal logs.

Tags (2)
0 Karma
Reply

tcgerhard
Explorer
‎01-09-2017 09:59 AM

The logs are ingested and can be seen via SPL:

index=_internal sourcetype=splunkd component=sendmodalert action="{action}"

See http://docs.splunk.com/Documentation/Splunk/6.4.2/AdvancedDev/ModAlertsLog#Access_alert_action_scrip...

0 Karma
Reply

hortonew
Builder
‎09-11-2014 08:10 AM

This answer may help you:

http://answers.splunk.com/answers/31262/sysstderr-not-logging-to-splunkd

0 Karma
Reply

kundeng
Path Finder
‎05-25-2016 08:08 AM

doesn't seem to really answer the question. I'm debugging someone's custom alert, and I don't want to change his code yet. So where are stderr stored, maybe it IS lost?

0 Karma
Reply

hortonew
Builder
‎09-11-2014 09:09 AM

you can do the logging they mention in an alert script. Is your script in $SplunkHome$/bin/scripts ?

0 Karma
Reply

droth333
Explorer
‎02-19-2015 12:58 PM

Appears Splunk will find a triggered alert script in $SPLUNK_HOME/bin/scripts.
But if the script contains >> directs to a file (like for debugging), that file is written to $SPLUNK_HOME/etc/apps/search/bin (assuming the alert was written in search app).
Does that sound right, or expected?

0 Karma
Reply

wegscd
Contributor
‎09-11-2014 09:03 AM

thank you. is there a posting that covers the case of alert scruipts? not seeing that mentioned in this posting (or am I missing something)?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...