Hello everyone,
I need your help please.
I am trying to run the same script from an alert.
My script is in : /apps/my_app/bin/scripts/my_script.sh
I changed the permissions (everyone can read, write and execute the script) and the owner is splunk.
My log file is in /apps/my_app/bin/scripts/log_file.log (everyone can read, write and execute the log file) and the owner is splunk.
The sh script is :
DATE=`date '+%Y/%m/%d'`
echo $DATE >> /srv/opt/splunk/etc/apps/my_app/bin/scripts/log_file.log
Nothing happens, my file (log_file.log) is not modified, and II don't know where can I check the erros or problems due to the execution of the script from the alert.
First question : Where can we check the logs of the execution of the alert (if the script is running or if there is a problem)?
Second question: Is there something I should do enable running a script from an alert ? Can someone explain the steps we need to do to make the alert run the script ?
PS : I've already read the splunk doc.
Thank you for your help
... View more