Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Change scripted alert script location?

Jason
Motivator
‎01-25-2011 04:33 PM

In trying to package up our app into its own app folder, we ran into an issue where it seems Splunk won't accept .. / \ in the script path, and will only look in $SPLUNK_HOME/bin/scripts. This seems oddly contrary to everything else in Splunk, which can be neatly packaged in an app.

Is there a way to allow alert scripts to reside in $SPLUNK_HOME/etc/ourapp/bin and still be run?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

ziegfried
Influencer
‎01-25-2011 06:59 PM

I've tried it once and wasn't able to get it working outside of bin/scripts. There's probably no way to this this right now. I've filed an ER back then. You should do this too if you want this to be available sometime in Splunk.

View solution in original post

Reply
Solved! Jump to solution

agent613
Explorer
‎12-16-2011 11:59 AM

This DOES work, but the documentation is wrong.

Contrary to what is stated here: http://wiki.splunk.com/Community:TroubleshootingAlertScripts and in the README file for each app, you need to put it in etc/apps//bin/scripts.

Then, in your alert, don't specify any path, just the name of the script.

Reply
Solved! Jump to solution

ruman
Splunk Employee
Splunk Employee
‎01-03-2014 09:33 PM

hmm. this doesn't work for me in splunk 6.0. even with a default.meta that exports everything.

according to http://wiki.splunk.com/Community:TroubleshootingAlertScripts, the script in the app will only be accessible by saved searches in the app's context.

i wonder if this used to work but was broken in 6.0? December 16 2011 would have been splunk 4.2 IIRC...maybe i'll downgrade and see if it works there...

Reply
Solved! Jump to solution

huister
New Member
‎05-15-2012 04:49 PM

Thanks agent613 this worked!
I'm trying to upvote you but I don't have enough points so I'll repeat what you said and add a bit.

The script must be in the /bin/scripts folder of the app.

So for alerts in the search app I put the script I want to run(DoSomethingOnAlert.sh) in

/opt/splunk/etc/apps/search/bin/scripts/

Under a saved search in the alert actions section under
"File name of shell script to run"
you can only put the filename WITHOUT path
(Otherwise you will get the "script location cannot contain" error message in /opt/splunk/var/log/splunk/splunkd.log)
so in here i have only the script name:

DoSomethingOnAlert.sh

0 Karma
Reply
Solved! Jump to solution
Solution

ziegfried
Influencer
‎01-25-2011 06:59 PM

I've tried it once and wasn't able to get it working outside of bin/scripts. There's probably no way to this this right now. I've filed an ER back then. You should do this too if you want this to be available sometime in Splunk.

Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎01-25-2011 06:00 PM

I believe you can place them in $SPLUNK_HOME/etc/ourapp/bin/scripts

0 Karma
Reply
Solved! Jump to solution

Jason
Motivator
‎01-25-2011 06:17 PM

Doesn't work. Splunk complained if I tried to put a full path in (ERROR script - Script location cannot contain "..", "/", or "\"), or just place the script in /etc/ourapp/bin/ or etc/ourapp/bin/scripts (ERROR script - Cannot find script at /opt/splunk/bin/scripts/script.sh) - other ideas?

Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...