Getting Data In

Run a Linux shell script with Alert Action in the standard Search app.

konpa01
New Member

I am running version 8.x. I want to add the capability to run a custom Linux bash script as Alert Action with the OOTB search app. I did the following:

1 - create a file called alert_actions.conf in the /opt/splunk/etc/apps/search/default directory and have the following content.
[sendsnmptrap]
is_custom = 1
label = Send SNMP Traps
description = Custom action to send search result as SNMP traps
ttl = 120
disabled = 0

----how can I call the script?

2 - I create the script in as /opt/splunk/etc/apps/search/bin/sendsnmptrap.sh with the very basic command & parameter

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

First off, DO NOT edit in etc/apps/search/default, it will get overwritten on update of splunk, instead use local: https://docs.splunk.com/Documentation/Splunk/8.0.2/Admin/Configurationfiledirectories#About_the_defa...

That being said, you can call scripts using the Run a script alert action: https://docs.splunk.com/Documentation/Splunk/8.0.2/Alert/Runscriptaction or by properly implementing a custom alert using the Modular Alert framework: https://docs.splunk.com/Documentation/Splunk/8.0.2/AdvancedDev/ModAlertsIntro

0 Karma
Get Updates on the Splunk Community!

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...

Splunk AppDynamics Agents Webinar Series

Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...