Re: Why am I unable to run a Python script when al...

kenfrand · ‎01-25-2017

Since I am quite new to Splunk, I am having difficulties to run a python script when alerts are generated.

The step I made to run the script :
1. Search for an index
2. Save as an alert

Here is a screen shot of my alert setting and the directory where I keep the script.

I have not change any other file settings.
The noise.txt is a file where the test.py is reading from.

GregZillgitt · ‎01-26-2017

Try wrapping your python script with a shell script (.e.g. test.sh). Your ".py" file is not a standalone executable any more than is a ".java" or ".class" file. If you were running it from the command line you would say "python test.py", not just "test.py". If however you had a "test.sh" Bash script which contained "python test.py", then you could run
"test.sh" as an executable, assuming you had set the permissions correctly and your PATH included your PYTHON home.

adayton20 · ‎01-26-2017

Does Splunk have permission to run the script?

Try looking for issues with permissions in the internal log:

index=_internal yourscriptname

jglazko · ‎03-02-2018

Thanks @adayton20 for the idea. Sure enough, my corporate software folks had installed Splunk in a different directory so my script wasn't even in the right spot. Checking the index as you described led me right to the problem.

Why am I unable to run a Python script when alerts are generated?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!