cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
msevcik
Explorer
Member since: ‎11-12-2019
‎05-18-2021
Community Statistics
Posts 4
Solutions 0
Karma Given 2
Karma Received 1
Member Since ‎11-12-2019
Activity Feed
View All

Splunk App for Windows Infrastructure Searches Cau...

by in All Apps and Add-ons
‎05-18-2021 09:37 AM
1 Karma
‎05-18-2021 09:37 AM
1 Karma
We recently upgraded to a newer version of Splunk App for Windows Infrastructure.  It seems to be generating an enormous amount of memory consuming scheduled searches called tSessions_Lookup_Update.  Any way to slow this down or remove it entirely?  We usually just use the LDAP searches anyway, so I don't know if disabling these would be that detrimental. ... View more

Re: Getting error when trying to set up an alert f...

by in Alerting
‎06-01-2020 02:46 PM
‎06-01-2020 02:46 PM
Nevermind, I think I found where you can define the arguments sent to the script here: https://docs.splunk.com/Documentation/Splunk/8.0.3/AdvancedDev/CustomAlertScript [myjavaaction] . . . alert.execute.cmd = java.path alert.execute.cmd.arg.0 = -jar alert.execute.cmd.arg.1 = $SPLUNK_HOME/etc/apps/myapp/bin/my.jar alert.execute.cmd.arg.2 = --execute ... View more

Re: Getting error when trying to set up an alert f...

by in Alerting
‎06-01-2020 02:36 PM
‎06-01-2020 02:36 PM
Thank you, Rich, that definitely got it to run. The python script checks for the --execute flag and shuts down if it doesn't see it. We modeled it after a Splunk example python script. Any idea how we should be passing the different arguments to the script? I just want to alert on a certain event and pass along a value from one of fields in that event. Let me know if I need to start a new Splunk Answer. Thanks again. ... View more

Getting error when trying to set up an alert for s...

by in Alerting
‎06-01-2020 11:31 AM
‎06-01-2020 11:31 AM
I am trying to set up an alert that runs a script after finding a result. For some reason, we see this error each time we try to run the script: 06-01-2020 13:20:09.091 -0500 ERROR ModularUtility - Specified filename "/opt/splunk/etc/apps/TA-S3Deleter/bin/s3_file_deleter.py" not found in search path. 06-01-2020 13:20:09.091 -0500 ERROR sendmodalert - action=s3_file_deleter - Failed to find alert.execute.cmd "/opt/splunk/etc/apps/TA-S3Deleter/bin/s3_file_deleter.py". Here is how the alert_actions.conf is set up: [s3_file_deleter] is_custom = 1 label = S3 File Deleter description = This action passes along a value in filePath to a python script that will delete a file in an S3 bucket. payload_format = json alert.execute.cmd = /opt/splunk/etc/apps/TA-S3Deleter/bin/s3_file_deleter.py The script definitely exists in that directory. I've reviewed a lot of the documentation on this, and there is no good example for simply running a python script. Any insight would be greatly appreciated. Thanks. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-18-2021 02:25 PM
Karma from
View All
Karma given to
View All