Even though it took me a while, I figured out how to get an alert to run a script. I came across some problems when I discovered that our Splunk instance runs the script as the search head server that interfered with some of the script functionality. I placed some debugging spots in the script to send out emails of stdout, which works when I run under the system account locally on the box, but not when run by Splunk.
I was wondering if there was a step-by-step process on how Splunk handles these scripts, so I can figure out where things may be getting hung up.