Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Run a script on UF from SHC

ishaanshekhar
Communicator
‎05-09-2016 12:05 AM

Hi,

I have a few scheduled alerts setup on my SHC. The output is the list of hosts (UFs) that fall in the alert criteria.

I need my alert to also run a script on all the remote hosts (UFs) that fall in the alert criteria.

I understand we can have a script on the local SHC to call the remote script on UF using ssh. But I dont want to follow that route. I wish to have a script in an app on UF and have it run by SHC.

Is that possible directly? or through a rest endpoint? or any other technique?

Thanks
Ishaan

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-09-2016 06:46 AM

Im afraid this exact requirement SHC to UF is not possible without the use of ssh or another command and control technique/software.

What if you put a script on the UF that queried the SHC, runs a search or reads a saved search/report, determines if the UF itself is in the list, and then executes the code. Make the script run on the UF every hour, etc.

0 Karma
Reply

ishaanshekhar
Communicator
‎05-10-2016 07:10 AM

Thanks @jkat54 .... but my irony is the actual data for the calculation of 'alert' condition is coming from the UFs themselves to the SHC.

If I were to put a script on the UFs to check on the SHC through REST endpoint, it would be easier to put a script that would check the data in question locally on UF rather than on SHC.

I was actually hoping for a REST end point to run a script in an app on UF, which I could call from the SHC.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-10-2016 07:23 AM

What is the criteria for your alert?

0 Karma
Reply

ishaanshekhar
Communicator
‎05-10-2016 08:22 AM

Things that are local to a UF server... such as disk space, process hung, memory, cpu increase etc.

The date comes from the UF to SHC, and the SHC is required to trigger a script on the UF for corrective action in case of threshold is met for any criteria.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...