Solved: Can I perform an action in server through Splunk?

Mrig342 · ‎06-02-2022

Hi All,

I want to understand if there is a way to perform an action to the server through Splunk.

For e.g.

to run ls -lrt command for a path
to kill/terminate a process
to run a script on the server etc.

Your kind help will be highly appreciated.

Thank you..!!

PickleRick · ‎06-02-2022

See https://docs.splunk.com/Documentation/Splunk/8.2.6/AdvancedDev/ModAlertsIntro

View solution in original post

PickleRick · ‎06-02-2022

You could write custom alert actions to perform various tasks but in general it's not something that really should be done by splunk. This is more a SOAR (like Phantom) domain, not Splunk Enterprise.

There would be many caveats to avoid/overcome (like handling credentials) so it's not that straightforward to do. But theoretically - yes, you can do "anything" using custom actions. As long as you can script it.

Mrig342 · ‎06-02-2022

Thank you @PickleRick

Can you help me with some splunk documents to go through on this topic to explore.

Your help is much appreciated..!!

PickleRick · ‎06-02-2022

See https://docs.splunk.com/Documentation/Splunk/8.2.6/AdvancedDev/ModAlertsIntro

Can I perform an action in server through Splunk?

configuration

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Are you a member of the Splunk Community?

Can I perform an action in server through Splunk?

configuration

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!