Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Run a script on UF from SHC

ishaanshekhar
Communicator
‎05-09-2016 12:05 AM

Hi,

I have a few scheduled alerts setup on my SHC. The output is the list of hosts (UFs) that fall in the alert criteria.

I need my alert to also run a script on all the remote hosts (UFs) that fall in the alert criteria.

I understand we can have a script on the local SHC to call the remote script on UF using ssh. But I dont want to follow that route. I wish to have a script in an app on UF and have it run by SHC.

Is that possible directly? or through a rest endpoint? or any other technique?

Thanks
Ishaan

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-09-2016 06:46 AM

Im afraid this exact requirement SHC to UF is not possible without the use of ssh or another command and control technique/software.

What if you put a script on the UF that queried the SHC, runs a search or reads a saved search/report, determines if the UF itself is in the list, and then executes the code. Make the script run on the UF every hour, etc.

0 Karma
Reply

ishaanshekhar
Communicator
‎05-10-2016 07:10 AM

Thanks @jkat54 .... but my irony is the actual data for the calculation of 'alert' condition is coming from the UFs themselves to the SHC.

If I were to put a script on the UFs to check on the SHC through REST endpoint, it would be easier to put a script that would check the data in question locally on UF rather than on SHC.

I was actually hoping for a REST end point to run a script in an app on UF, which I could call from the SHC.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-10-2016 07:23 AM

What is the criteria for your alert?

0 Karma
Reply

ishaanshekhar
Communicator
‎05-10-2016 08:22 AM

Things that are local to a UF server... such as disk space, process hung, memory, cpu increase etc.

The date comes from the UF to SHC, and the SHC is required to trigger a script on the UF for corrective action in case of threshold is met for any criteria.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...