Why am I unable to run a Python script when alerts are generated?

kenfrand
New Member

Since I am quite new to Splunk, I am having difficulty running a Python script when alerts are generated.

The steps I took to run the script:
1. Search for an index
2. Save as an alert

Here is a screenshot of my alert setting and the directory where I keep the script.

I have not changed any other file settings.
noise.txt is the file that test.py reads from.

0 Karma

GregZillgitt
Path Finder

Try wrapping your Python script with a shell script (e.g. test.sh). Your ".py" file is not a standalone executable any more than is a ".java" or ".class" file. If you were running it from the command line you would say "python test.py", not just "test.py". If however you had a "test.sh" Bash script which contained "python test.py", then you could run "test.sh" as an executable, assuming you had set the permissions correctly and your PATH included your PYTHON home.

0 Karma

adayton20
Contributor

Does Splunk have permission to run the script?

Try looking for issues with permissions in the internal log:

index=_internal yourscriptname 

jglazko
Engager

Thanks @adayton20 for the idea. Sure enough, my corporate software folks had installed Splunk in a different directory so my script wasn't even in the right spot. Checking the index as you described led me right to the problem.

0 Karma
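
The three causes raised in this thread (script not in the expected directory, script not readable by the account running it, `python` not on that account's PATH) can be checked by the wrapper itself before it starts the interpreter. The following is an added example, not code from any poster in the thread; the file name `run_test_py.sh`, the function names and the exit codes are assumptions, and `test.py` is assumed to sit next to the wrapper.

```shell
#!/bin/sh
# run_test_py.sh - hypothetical wrapper name; test.py is the script from the question.

# preflight <script> <interpreter>
# Returns 0 if runnable, 2 if the script is missing, 3 if it is not readable
# by the current user, 4 if the interpreter is not on PATH.
preflight() {
    pf_script=$1
    pf_interp=$2
    if [ ! -f "$pf_script" ]; then
        echo "wrapper: $pf_script not found (cwd=$(pwd))" >&2
        return 2
    fi
    if [ ! -r "$pf_script" ]; then
        echo "wrapper: $pf_script not readable by user $(id -un)" >&2
        return 3
    fi
    if ! command -v "$pf_interp" >/dev/null 2>&1; then
        echo "wrapper: $pf_interp not on PATH ($PATH)" >&2
        return 4
    fi
    return 0
}

# run_wrapped <script> <interpreter> [args...]
# Runs the script only after the checks pass and returns its exit status.
run_wrapped() {
    rw_script=$1
    rw_interp=$2
    shift 2
    preflight "$rw_script" "$rw_interp" || return $?
    "$rw_interp" "$rw_script" "$@"
}

# Entry point: active only when the file is saved under the wrapper's name,
# so the functions above can also be sourced and tested on their own.
case "${0##*/}" in
    run_test_py.sh)
        here=$(cd "$(dirname "$0")" && pwd)
        run_wrapped "$here/test.py" python "$@"
        exit $?
        ;;
esac
```

Running the wrapper by hand as the account that runs Splunk shows on stderr which of the three checks fails.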