All Apps and Add-ons

Why am I unable to run a Python script when alerts are generated?

kenfrand
New Member

Since I am quite new to Splunk, I am having difficulties to run a python script when alerts are generated.

The step I made to run the script :
1. Search for an index
2. Save as an alert

Here is a screen shot of my alert setting and the directory where I keep the script.

alt textalt text

I have not change any other file settings.
The noise.txt is a file where the test.py is reading from.

0 Karma

GregZillgitt
Path Finder

Try wrapping your python script with a shell script (.e.g. test.sh). Your ".py" file is not a standalone executable any more than is a ".java" or ".class" file. If you were running it from the command line you would say "python test.py", not just "test.py". If however you had a "test.sh" Bash script which contained "python test.py", then you could run
"test.sh" as an executable, assuming you had set the permissions correctly and your PATH included your PYTHON home.

0 Karma

adayton20
Contributor

Does Splunk have permission to run the script?

Try looking for issues with permissions in the internal log:

index=_internal yourscriptname 

jglazko
Engager

Thanks @adayton20 for the idea. Sure enough, my corporate software folks had installed Splunk in a different directory so my script wasn't even in the right spot. Checking the index as you described led me right to the problem.

0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...