unable to run python scripted alert

sbsbb · ‎08-22-2014

I've made a scripted alert in python, and put it in py app directory
.../splunk/etc/apps/myapp/bin/scripts/scripted_alert.py

in .../splunk/var/log/splunk/python.log I see that it has been triggered with the correct path, and parameters :
2014-08-22 14:37:01,178 INFO ['.../splunk/etc/apps/myapp/bin/scripts/scripted_alert.py', '1', '| stats c | eval ...

When I try to execute it with
.../splunk/bin/splunk cmd python .../splunk/etc/apps/myapp/bin/scripts/scripted_alert.py' with all the parameters from the python.log, it is working...

It seems that splunk is not taking the python interpreter ?
But in my file header I have

#!.../splunk/bin/python
# -*- coding: utf-8 -*-

(... is a substitution / I'm using Splunk 5.0.5)

starcher · ‎08-22-2014

Most likely your hash bang is off. I believe in this case the full path should work better. if that is a typical Splunk unix install try:

#!/opt/splunk/bin/python

sbsbb · ‎08-22-2014

this is already the case

unable to run python scripted alert

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation

unable to run python scripted alert

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A