Run a Linux shell script with Alert Action in the ...

konpa01 · ‎03-27-2020

I am running version 8.x. I want to add the capability to run a custom Linux bash script as Alert Action with the OOTB search app. I did the following:

1 - create a file called alert_actions.conf in the /opt/splunk/etc/apps/search/default directory and have the following content.
[sendsnmptrap]
is_custom = 1
label = Send SNMP Traps
description = Custom action to send search result as SNMP traps
ttl = 120
disabled = 0

----how can I call the script?

2 - I create the script in as /opt/splunk/etc/apps/search/bin/sendsnmptrap.sh with the very basic command & parameter

martin_mueller · ‎03-27-2020

First off, DO NOT edit in etc/apps/search/default, it will get overwritten on update of splunk, instead use local: https://docs.splunk.com/Documentation/Splunk/8.0.2/Admin/Configurationfiledirectories#About_the_defa...

That being said, you can call scripts using the Run a script alert action: https://docs.splunk.com/Documentation/Splunk/8.0.2/Alert/Runscriptaction or by properly implementing a custom alert using the Modular Alert framework: https://docs.splunk.com/Documentation/Splunk/8.0.2/AdvancedDev/ModAlertsIntro

Run a Linux shell script with Alert Action in the standard Search app.

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Are you a member of the Splunk Community?

Run a Linux shell script with Alert Action in the standard Search app.

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases