I would like to execute a PowerShell script based on a Splunk search result: if the condition is 1111, run this PowerShell command. This must be PS 2.0.
You can create a search alert, set up the conditions, and the schedule.
Then in the action options specify "trigger a shell script" to call.
See the documentation on how to pass arguments to the script:
http://docs.splunk.com/Documentation/Splunk/6.1.3/Alert/Configuringscriptedalerts
and http://wiki.splunk.com/Community:TroubleshootingAlertScripts
For PowerShell, you may need to change the system policy settings to allow Splunk to run unsigned scripts.
See http://technet.microsoft.com/en-us/library/hh849812.aspx
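The wrapper approach this thread settles on, as an added example that is not from any of the posts above: a batch file placed in Splunk's alert-script directory that hands the alert's positional arguments to an existing PowerShell 2.0 script. The script name alert_handler.ps1 and the log file name are assumptions; the argument positions are the ones documented for Splunk scripted alerts.

```batch
@echo off
REM Constructed example: save as %SPLUNK_HOME%\bin\scripts\run_ps_alert.bat
REM and select it as the alert's "trigger a shell script" action.
REM Splunk passes the alert details as positional arguments:
REM   %1 number of events   %2 search terms   %3 full query string
REM   %4 saved search name  %5 trigger reason %6 link to results
REM   %7 unused             %8 path to the gzipped results file
setlocal

REM alert_handler.ps1 is an assumed name for the user's own PS 2.0 script,
REM kept next to this wrapper so nothing depends on the working directory.
set "PS_SCRIPT=%~dp0alert_handler.ps1"
set "LOG=%~dp0run_ps_alert.log"

REM Guard: do nothing if the alert fired with zero results.
if "%~1"=="0" exit /b 0

REM -Version 2 selects the PowerShell 2.0 engine explicitly.
REM -ExecutionPolicy Bypass applies only to this one process, so the
REM machine-wide policy can stay restrictive; -NoProfile and
REM -NonInteractive keep the run deterministic under the Splunk service.
REM %~N strips surrounding quotes so each value is re-quoted exactly once.
"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" ^
  -Version 2 -NoProfile -NonInteractive -ExecutionPolicy Bypass ^
  -File "%PS_SCRIPT%" ^
  -EventCount "%~1" -SearchName "%~4" -Reason "%~5" -ResultsFile "%~8" ^
  >> "%LOG%" 2>&1

REM Hand PowerShell's exit code back to Splunk for troubleshooting.
exit /b %ERRORLEVEL%
endlocal
```

The PowerShell side declares a matching `param([int]$EventCount, [string]$SearchName, [string]$Reason, [string]$ResultsFile)` block; in PS 2.0 use `Split-Path -Parent $MyInvocation.MyCommand.Path` rather than `$PSScriptRoot` to locate files next to the script.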
I am looking for a way to run a PS script directly from alert actions. I couldn't find a way to do it except running a bat script to call my PowerShell script. If anybody finds a way to resolve this, please share 🙂
Thanks for the suggestion, but unfortunately none of these worked.
Thanks, I believe the second part is what I have been struggling with.