All Apps and Add-ons

ScriptRunner - "Couldn't start child process" error when trying to execute a custom alert action script?

TimEek
Path Finder

As the title suggests, Im getting the following error when trying to execute a custom alert action script.

The script is quite simple. Its a shell script that basically looks like this:

#!/bin/bash
if [[ "$1" == "--execute" ]]; then
https_proxy=proxyname:port curl --header "content-type: text/soap+xml; charset=UTF-8" --data @alertBody.xml https://url/api
fi

If I execute this through the command line using: sh alert.sh --execute, it works perfectly. But I get the above error instead. It references the script in the following way:

ERROR ScriptRunner - Couldn't start child process. script="/opt/splunk/etc/apps/alert_app/bin/alert.sh --execute"

I am not trying to give arguments to the script. It's a simple script that posts to an API with predetermined text that's always the same in the xml body. My alert actions looks as follows:

[alert]
is_custom=1
label=alertTest
icon_path=logevent.png
disabled=0

Adding some fields didn't help, but maybe someone can help me find which ones are mandatory? I copied the png from another alerting app and placed it in the same folder.

 

Labels (2)
Tags (1)
0 Karma
1 Solution

TimEek
Path Finder

In case anyone finds this in the future.. Problems are usually easier to solve than you think. I discovered that the permissions for my linux systems were out of wack, so chmod 700 on the script was enough to get me through this step. Good luck to anyone else!

View solution in original post

_smp_
Builder

I was getting this error from a scripted input after upgrading from 8.2.10 to 9.0.6, and resolved it by removing python.version = python2 from the restmap.conf file that someone had manually added.

Tags (1)
0 Karma

TimEek
Path Finder

In case anyone finds this in the future.. Problems are usually easier to solve than you think. I discovered that the permissions for my linux systems were out of wack, so chmod 700 on the script was enough to get me through this step. Good luck to anyone else!

alexis
Explorer

good job. thanks

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...