We have a script that splunk executes every minute on the minute...only problem is we do not have this scheduled as an alert or saved search. We cannot figure out why it is executed on the minute every minute. We can see the process in the aplunkd log however we do not see what/why it is being started. We have checked all alerts and no alerts are referencing this script. Anyone have a similar issue? How did you correct?
You could move the script out of the /bin/scripts folder. It will not prevent it from being called but would prevent the execution and may generate an error in the splunkd.log to help pinpoint what is calling it.
It is a script that was created by me, I had it scheduled to an alert. The alert was removed yet for some reason keeps trying to execute the script every minute. I thought it might just be repeating because it did not finish running. I replaced the script with a file that just had "exit" in it, but it is still being run every minute.