
Execute a PowerShell script based on an alert

Explorer

I would like to execute a PowerShell script based on a Splunk search result. If the condition is 1111, run this PowerShell command. This must be PS 2.0.

0 Karma

Re: Execute a PowerShell script based on an alert

Splunk Employee

You can create a search alert, then set up the conditions and the schedule.
Then, in the action options, specify "trigger a shell script" to call.

See the documentation on how to pass arguments to the script:
http://docs.splunk.com/Documentation/Splunk/6.1.3/Alert/Configuringscriptedalerts
and http://wiki.splunk.com/Community:TroubleshootingAlertScripts

For PowerShell, you may need to change the system policy settings to allow Splunk to run unsigned scripts.
See http://technet.microsoft.com/en-us/library/hh849812.aspx

Re: Execute a PowerShell script based on an alert

Explorer

Thanks, I believe the second part is what I have been struggling with.

0 Karma
Re: Execute a PowerShell script based on an alert

Explorer

Thanks for the suggestion, but unfortunately none of these worked.

0 Karma
Re: Execute a PowerShell script based on an alert

Communicator

I am looking for a way to run a PS script directly from alert actions. I couldn't find a way to do it except running a bat script to call my PowerShell script. If anybody finds a way to resolve this, please share 🙂

0 Karma
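An added example, not posted by anyone in this thread: a PowerShell 2.0 script for the "trigger a shell script" action and the .bat wrapper approach described above. It reads the alert arguments from the `SPLUNK_ARG_n` environment variables that Splunk sets for scripted alerts and checks the results file for the value 1111. The script name, the `code` field name and the log path are assumptions.

```powershell
# alert_action.ps1 (hypothetical name), PowerShell 2.0 compatible.
# Launched by a .bat wrapper placed in Splunk's bin\scripts directory, e.g.:
#   powershell.exe -NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -File "%~dp0alert_action.ps1"
# -ExecutionPolicy on the command line applies to that one process only,
# so the machine-wide policy does not have to be loosened.

$ErrorActionPreference = 'Stop'

# Splunk exports the scripted-alert arguments as SPLUNK_ARG_0..8. Reading them
# from the environment keeps search strings off the cmd.exe command line.
$searchName  = $env:SPLUNK_ARG_4   # name of the saved search
$resultsPath = $env:SPLUNK_ARG_8   # gzip-compressed CSV holding the results

# Assumptions: field name and log path are placeholders; 1111 is from the question.
$FieldName = 'code'
$Trigger   = '1111'
$LogFile   = Join-Path $env:TEMP 'splunk_alert_action.log'

function Read-GzipCsv([string]$Path) {
    # Decompress with .NET classes available to PowerShell 2.0.
    $file = [System.IO.File]::OpenRead($Path)
    try {
        $gz     = New-Object System.IO.Compression.GZipStream($file, [System.IO.Compression.CompressionMode]::Decompress)
        $reader = New-Object System.IO.StreamReader($gz)
        $text   = $reader.ReadToEnd()
    } finally {
        $file.Close()
    }
    $text | ConvertFrom-Csv
}

if (-not $resultsPath -or -not (Test-Path -LiteralPath $resultsPath)) {
    Add-Content -Path $LogFile -Value "$(Get-Date -Format s) no results file for '$searchName'"
    exit 1
}

# Keep only the rows where the chosen field equals the trigger value.
$hits = @(Read-GzipCsv $resultsPath | Where-Object { $_.$FieldName -eq $Trigger })

if ($hits.Count -gt 0) {
    # Put the command to run here. Treat result fields as untrusted data:
    # pass them as parameters, never build a command string from them.
    Add-Content -Path $LogFile -Value "$(Get-Date -Format s) '$searchName': $($hits.Count) row(s) with $FieldName=$Trigger"
}
```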