- Splunk Answers
- :
- Using Splunk
- :
- Alerting
- :
- Re: Alert Script is not running?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Alert Script is not running?
I created an alert, it is working fine. When I echo into a "echo_output.sh" file, it works fine. When I'm trying to echo the same content on the console, nothing happens. When I manually execute the file ( instead of, from the splunk) it runs as expected.
Here is the link for another question, this question also has the same issue as my question.
http://answers.splunk.com/answers/92958/alert-script-not-running-splunk.html
I hope to get some help soon.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, Splunk will launch scripts from within it's runtime env. Does your scripts run if you run them from splunk cmd line?
cd to splunk_home (wherever splunk is installed)
cd bin
./splunk cmd path_to_your_script/echo_output.sh
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, I just checked. I get the expected output when I use "./splunk cmd path_to_your_script/echo_output.sh"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok. I might have misunderstood your question. Are to trying to send off an alert to STDOUT from within splunk (using splunk scheduler)?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I want to disable the input from the console when an alert is generated.
For disabling the output, I need to "cd to the directory" where input.conf file is present and change the "disable=false" to true. I want to do this using the script which runs when I get an alert. I need my script to work on the console.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If your use case is to disable an input (x) on a triggered alert (y)... are you using generic cmds to make this change (sed,awk etc ) or splunk CLI?
You are essentially trying to change a config that is already active within the session. Typically making such a change via CLI (eg: splunk edit monitor) would prompt for user and password. Additionally you need to have a way to reload the config after your change. Were you planning on use a REST call for this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you have the hashbang at the top of your script?
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
