Since I am quite new to Splunk, I am having difficulties running a python script when alerts are generated.
The steps I took to run the script:
1. Search for an index
2. Save as an alert
Here is a screen shot of my alert setting and the directory where I keep the script.
I have not changed any other file settings.
noise.txt is the file that test.py reads from.
Try wrapping your python script with a shell script (e.g. test.sh). Your ".py" file is not a standalone executable any more than a ".java" or ".class" file is. If you were running it from the command line you would say "python test.py", not just "test.py". If however you had a "test.sh" Bash script which contained "python test.py", then you could run "test.sh" as an executable, assuming you had set the permissions correctly and your PATH included your PYTHON home.
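A wrapper of the kind this answer suggests, written out as an added example (it is not code from the thread or from Splunk). It assumes the interpreter lives at /usr/bin/python3 and that test.py and a test.log sit next to the wrapper; both are assumptions to adjust for your install. Rather than relying on PATH, it calls the interpreter by absolute path, passes Splunk's alert arguments through unchanged, and refuses to run a script that other local users could edit, since the alert action executes with the Splunk user's privileges.

```shell
#!/bin/sh
# test.sh: wrapper that Splunk runs as the alert action; it hands the alert's
# arguments to a python script. Added example, not from the thread; the paths
# below are assumptions, adjust them to your install.

PYTHON="${PYTHON:-/usr/bin/python3}"            # absolute path: do not depend on PATH

# check_alert_script FILE
# Succeeds only if FILE is a regular, readable file that group/others cannot
# write. The alert action runs with Splunk's privileges, so a script that other
# local users could edit would let them run code as the Splunk user.
check_alert_script() {
    script="$1"
    [ -f "$script" ] || { echo "not a regular file: $script" >&2; return 1; }
    [ -r "$script" ] || { echo "not readable: $script" >&2; return 1; }
    # GNU stat first, BSD/macOS stat as the fallback
    mode=$(stat -c '%a' "$script" 2>/dev/null || stat -f '%Lp' "$script")
    mode=${mode#"${mode%???}"}                   # keep the last three octal digits
    case "$mode" in
        ?[2367]? | ??[2367])
            echo "refusing group/world-writable script: $script ($mode)" >&2
            return 1 ;;
    esac
    return 0
}

# run_py_alert SCRIPT [ALERT ARGS...]
# Runs SCRIPT with the interpreter, passing every argument through unchanged.
# "$@" keeps each argument intact even when it contains spaces.
run_py_alert() {
    py_script="$1"
    shift
    check_alert_script "$py_script" || return 1
    "$PYTHON" "$py_script" "$@"
}

# When Splunk invokes this wrapper it sets SPLUNK_HOME (assumption); run the
# script from the wrapper's own directory so the path does not depend on the
# current working directory, and keep stdout/stderr in a log for debugging.
if [ -n "${SPLUNK_HOME:-}" ]; then
    here=$(cd "$(dirname "$0")" && pwd)
    run_py_alert "$here/test.py" "$@" >>"$here/test.log" 2>&1
fi
```

Make the wrapper executable (chmod 755 test.sh) and point the alert's script setting at it; if the alert never fires the script, test.log is the first place to look, since Splunk's own logs say little about a script that exits early.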
Thanks @adayton20 for the idea. Sure enough, my corporate software folks had installed Splunk in a different directory so my script wasn't even in the right spot. Checking the index as you described led me right to the problem.