Re: Run a Script] is not executed in ITSI after Sp...

hasegawaarte · ‎09-11-2023

Hi,

In ITSI > Notable Event Aggregation Policies > Action Rules, "Run a script" can no longer be executed.

The work that triggered the event to occur
- Splunk Core Version Up (8.2.7 > 9.0.5.1)

Environment before the work
- Splunk Core 8.2.7
- ITSI 4.11.6
- Configure Run a Script [File name] "patlite.sh RED" > Running enabled
Post-work environment
- Splunk Core 9.0.5.1
- ITSI 4.11.6
- Configure Run a Script [File name] "patlite.sh RED" > Not working

Script Deployment Location
/opt/splunk/etc/apps/SA-ITOA/bin/scripts/patlite.sh

The ITSI version has not been changed, only the Splunk Core version change, but is there some configuration change that needs to be made?

skramp · ‎09-14-2023

do you see something in _internal regarding the execution of the script? What about other scripts, if you create a new action rule with a different script, does this work or are all scripts failing?

Why Run a Script is not executed in ITSI after Splunk core version upgrade?

troubleshooting

upgrade

using ITSI

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation