Alerting

execute a powershell scipt based on an alert

jsdao
Explorer

I would like to execute a powershell script based on a search SPLUNK result. if the condition is 1111 run this powershell command. This must be PS 2.0

Tags (2)
0 Karma

yannK
Splunk Employee
Splunk Employee

You can create a search alert, setup the conditions, and the schedule.
Then in the actions options specify "trigger a shell script" to call.

see the documentation on how to pass arguments to the script :
http://docs.splunk.com/Documentation/Splunk/6.1.3/Alert/Configuringscriptedalerts
and http://wiki.splunk.com/Community:TroubleshootingAlertScripts

For powershell, you may need to change the system policy settings to allow splunk to unsigned scripts run it.
see http://technet.microsoft.com/en-us/library/hh849812.aspx

axl88
Communicator

I am looking for a way to run PS script directly from alert actions. I couldn't find a way to do it except running a bat script to call my powershell script. If anybody find a way to resolve this, please share 🙂

0 Karma

jsdao
Explorer

Thanks for the suggestion, but unfortunatly non of these worked

0 Karma

jsdao
Explorer

Thanks I believe the second part is what I have been struggling with.

0 Karma
Get Updates on the Splunk Community!

Splunk ITSI & Correlated Network Visibility

  Now On Demand   Take Your Network Visibility to the Next Level In today’s complex IT environments, ...

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

  Now On Demand  Stay ahead of today’s evolving threats with the combined power of the Splunk Threat Research ...

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Automated Archival is a new capability within Metrics Management; which is a robust usage & cost optimization ...