Hi Team,
We have a requirement where we need to run a script on a remote server based on a search condition from Splunk.
For example, the search results show that a Windows service is down on 10 servers;
as part of the alert condition, Splunk needs to log in to the remote server and start the service using a script.
I wanted to check whether this can be done.
Any leads to related resources will be helpful.
That is exactly what Splunk SOAR is for.
Splunk Enterprise lets you run a script when an alert is triggered, but that feature has been deprecated for a while. It should still work, however. Note that the script runs on the local Splunk server. It's up to you and the script to get something running on the remote server.
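
Added example, not part of the original thread and not Splunk's own code: a sketch of such a local alert script that reads the results file the legacy alert-script interface passes as argument 8 (a gzipped CSV) and treats the `host` values as untrusted input before anything is run remotely. The allowlist, the service name, the `host` field name and the use of `sc.exe` from a Windows Splunk server with rights on the targets are all assumptions.

```python
import csv
import gzip
import re
import subprocess
import sys

# Assumptions (not from the thread): allowlist, service name, "host" field,
# and sc.exe as the way the Splunk server reaches the remote machines.
ALLOWED_HOSTS = {"winsrv01", "winsrv02"}   # constructed sample names
SERVICE = "Spooler"                        # constructed sample service
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,62}")


def hosts_from_results(path):
    """Return distinct, lowercased 'host' values from the gzipped CSV results."""
    seen = []
    with gzip.open(path, "rt", newline="", encoding="utf-8") as fh:
        for row in csv.DictReader(fh):
            host = (row.get("host") or "").strip().lower()
            if host and host not in seen:
                seen.append(host)
    return seen


def plan_restarts(hosts, allowed=ALLOWED_HOSTS, service=SERVICE):
    """Split hosts into (commands, rejected).

    A host is acted on only if it is a syntactically plain hostname AND is on
    the allowlist, so a field value taken from indexed logs can never choose
    the target or add arguments. Commands are argv lists, never shell strings.
    """
    commands, rejected = [], []
    for host in hosts:
        if HOSTNAME_RE.fullmatch(host) and host in allowed:
            commands.append(["sc.exe", "\\\\" + host, "start", service])
        else:
            rejected.append(host)
    return commands, rejected


if __name__ == "__main__":
    # Legacy alert scripts receive the results file path as argument 8.
    commands, rejected = plan_restarts(hosts_from_results(sys.argv[8]))
    for host in rejected:
        print("skipped unapproved host value: %r" % host, file=sys.stderr)
    for argv in commands:
        subprocess.run(argv, shell=False, timeout=60, check=False)
```
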