Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Run a script on UF from SHC

ishaanshekhar
Communicator
‎05-09-2016 12:05 AM

Hi,

I have a few scheduled alerts setup on my SHC. The output is the list of hosts (UFs) that fall in the alert criteria.

I need my alert to also run a script on all the remote hosts (UFs) that fall in the alert criteria.

I understand we can have a script on the local SHC to call the remote script on UF using ssh. But I dont want to follow that route. I wish to have a script in an app on UF and have it run by SHC.

Is that possible directly? or through a rest endpoint? or any other technique?

Thanks
Ishaan

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-09-2016 06:46 AM

Im afraid this exact requirement SHC to UF is not possible without the use of ssh or another command and control technique/software.

What if you put a script on the UF that queried the SHC, runs a search or reads a saved search/report, determines if the UF itself is in the list, and then executes the code. Make the script run on the UF every hour, etc.

0 Karma
Reply

ishaanshekhar
Communicator
‎05-10-2016 07:10 AM

Thanks @jkat54 .... but my irony is the actual data for the calculation of 'alert' condition is coming from the UFs themselves to the SHC.

If I were to put a script on the UFs to check on the SHC through REST endpoint, it would be easier to put a script that would check the data in question locally on UF rather than on SHC.

I was actually hoping for a REST end point to run a script in an app on UF, which I could call from the SHC.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-10-2016 07:23 AM

What is the criteria for your alert?

0 Karma
Reply

ishaanshekhar
Communicator
‎05-10-2016 08:22 AM

Things that are local to a UF server... such as disk space, process hung, memory, cpu increase etc.

The date comes from the UF to SHC, and the SHC is required to trigger a script on the UF for corrective action in case of threshold is met for any criteria.

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...