Getting Data In

Run a script on UF from SHC

ishaanshekhar
Communicator

Hi,

I have a few scheduled alerts setup on my SHC. The output is the list of hosts (UFs) that fall in the alert criteria.

I need my alert to also run a script on all the remote hosts (UFs) that fall in the alert criteria.

I understand we can have a script on the local SHC to call the remote script on UF using ssh. But I dont want to follow that route. I wish to have a script in an app on UF and have it run by SHC.

Is that possible directly? or through a rest endpoint? or any other technique?

Thanks
Ishaan

0 Karma

jkat54
SplunkTrust
SplunkTrust

Im afraid this exact requirement SHC to UF is not possible without the use of ssh or another command and control technique/software.

What if you put a script on the UF that queried the SHC, runs a search or reads a saved search/report, determines if the UF itself is in the list, and then executes the code. Make the script run on the UF every hour, etc.

0 Karma

ishaanshekhar
Communicator

Thanks @jkat54 .... but my irony is the actual data for the calculation of 'alert' condition is coming from the UFs themselves to the SHC.

If I were to put a script on the UFs to check on the SHC through REST endpoint, it would be easier to put a script that would check the data in question locally on UF rather than on SHC.

I was actually hoping for a REST end point to run a script in an app on UF, which I could call from the SHC.

0 Karma

jkat54
SplunkTrust
SplunkTrust

What is the criteria for your alert?

0 Karma

ishaanshekhar
Communicator

Things that are local to a UF server... such as disk space, process hung, memory, cpu increase etc.

The date comes from the UF to SHC, and the SHC is required to trigger a script on the UF for corrective action in case of threshold is met for any criteria.

0 Karma
Get Updates on the Splunk Community!

Splunk Education - Fast Start Program!

Welcome to Splunk Education! Splunk training programs are designed to enable you to get started quickly and ...

Five Subtly Different Ways of Adding Manual Instrumentation in Java

You can find the code of this example on GitHub here. Please feel free to star the repository to keep in ...

New Splunk APM Enhancements Help Troubleshoot Your MySQL and NoSQL Databases Faster

Splunk Observability has two new enhancements to make it quicker and easier to troubleshoot slow or frequently ...