Alerting

Send Alerts or Traps to MOM

nikhilmehra79
Path Finder

Hi Guys,

QQ: is there a way we can send alerts or traps from Splunk to another system which happens to be MOM (manager of Manage)? We want to consolidate all alerts at one place, and logically it makes sense to send Log Analyzed Alerts and Operational Intelligence alerts from Splunk to MOM... please suggest...

0 Karma

linu1988
Champion

Hello Nikhil,
This is the best way, from that you can do anything. You will get the splunk result which is filtered and analyzed in a proper format.

Other than this, we will have SDKs with Python, C#, etc.
So it depends on you what you want to do. Other one also we have REST API call using curl.

http://dev.splunk.com/view/csharp-sdk/SP-CAAAEPK
0 Karma

nikhilmehra79
Path Finder

ok i will.

0 Karma

linu1988
Champion

Don't think so.

Could you please refer to this again?

http://wiki.splunk.com/Community:TroubleshootingAlertScripts

0 Karma

nikhilmehra79
Path Finder

my new test.bat is at D:\Splunkv5\bin\scripts with no duplicate in app folder.

0 Karma

nikhilmehra79
Path Finder

Didn't work with this simple test, can it be a bug?

0 Karma

nikhilmehra79
Path Finder

created as you stated...waiting for new event

0 Karma

linu1988
Champion

Yeah, it's okay, warning/error will come in splunkd.log. There is more to it. Is it working now or not?

Just create a file test.bat

edit-> mkdir test

test with this much rather than your log output. If it works or not. After that you can experiment on your own.

0 Karma

nikhilmehra79
Path Finder

is it possible that you see an entry in python.log but not in splunkd.log, i am now seeing such behaviour too.

0 Karma

linu1988
Champion

if you put it in D:\Splunkv5\bin\scripts , any app can access this script.

If you put it in app\bin\scripts directory then only your app can access it. If you have it at both location app dir will be used.

So better not be confused keep it at one location. Delete the splunkd.log. Try enabling the search again find out where the problem exactly is / >d:\test_output.txt or some other location.

0 Karma

nikhilmehra79
Path Finder

one thing not sure do you need to recycle splunkd at some stage...

0 Karma

nikhilmehra79
Path Finder

I checked dir for Script location at
D:\Splunkv5\bin\scripts>dir

Directory of D:\Splunkv5\bin\scripts

01/01/2014 04:01 AM .
01/01/2014 04:01 AM ..
12/31/2013 05:04 PM 14 data.txt
12/31/2013 06:22 PM 68 NewLog.txt
09/03/2013 06:27 PM 72 readme.txt
01/01/2014 01:52 AM 137 SendTrapScript.bat

Also the alert --> SendTrapScript.bat
Question is where should the script be on the server,
under the application bin directory or D:\Splunkv5\bin\scripts?

0 Karma

linu1988
Champion

Did you mention SendTrapScript.bat or just SendTrapScript in the alert? Or the physical file is not like SendTrapScript.bat.bat? Please check, you are quite close.

0 Karma

nikhilmehra79
Path Finder

Maybe a hint: I see the following in splunkd.log
ERROR script - command="runshellscript", Cannot find script at D:\Splunkv5\bin\scripts\SendTrapScript
But i have a SendTrapScript.bat located at this location

0 Karma
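The extension check asked about above, applied to the splunkd.log error and the directory listing posted in this thread, as an added example (not code from the thread or from Splunk). The timestamp prefix on the sample log lines and the result labels are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Message text as quoted in the thread; the timestamp prefix on the sample
# lines below is constructed for illustration.
NOT_FOUND = re.compile(
    r'ERROR\s+script - command="runshellscript", '
    r'Cannot find script at (?P<path>.+?)\s*$'
)

SAMPLE_LOG = [  # constructed sample lines
    r'01-01-2014 04:05:00.000 INFO  script - placeholder line, not an error',
    r'01-01-2014 04:06:00.000 ERROR script - command="runshellscript", '
    r'Cannot find script at D:\Splunkv5\bin\scripts\SendTrapScript',
]

# File names from the dir listing posted in the thread.
SCRIPTS_DIR = ["data.txt", "NewLog.txt", "readme.txt", "SendTrapScript.bat"]


def missing_scripts(lines):
    """Return every script path the log reports as not found."""
    return [m.group("path") for m in map(NOT_FOUND.search, lines) if m]


def diagnose(path, listing):
    """Compare the requested script name with the files actually on disk."""
    wanted = PureWindowsPath(path).name
    on_disk = {name.lower(): name for name in listing}
    if wanted.lower() in on_disk:
        return ("present", on_disk[wanted.lower()])
    # Look for a file whose name minus its last extension is the requested name.
    for name in listing:
        if PureWindowsPath(name).stem.lower() == wanted.lower():
            if PureWindowsPath(wanted).suffix:
                return ("doubled_extension_on_disk", name)
            return ("alert_omits_extension", name)
    return ("absent", None)


if __name__ == "__main__":
    for path in missing_scripts(SAMPLE_LOG):
        print(path, "->", diagnose(path, SCRIPTS_DIR))
```
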

linu1988
Champion

Check splunkd.log in var\log\splunk folder if you are getting error like "Cannot find script at E:\Apps\Splunk\bin\scripts\Test.bat". I have not tried it with a real time search. Try with a scheduled search to run every 1 min. My bat file created under search\bin\scripts contains only

md test

That's it to test. And I have tested in a realtime search also, it's working. It will keep calling the script whenever result matches. Scripts created under bin/scripts will be accessed globally by any app. Arguments are not needed as long as you don't use them. Try to work out the script first.

0 Karma

nikhilmehra79
Path Finder

can you paste content of your Test.bat

0 Karma

nikhilmehra79
Path Finder

I created my own App for Operations, I initially thought that the script under SplunkHome/bin/scripts will be called but it seems like by default it is going under My Custom app @ /etc/apps/NOCApp/bin/scripts... I am using Splunk 5.0.5. Is there a way to debug more...

Another thing is my search is on Real Time - shall I run on Saved Schedule Search (not sure if it makes any sense or difference since python.log shows it is passing 9 arguments)

When you say you have created a new folder ...where ? or your bat file at SplunkHome/bin/scripts is outputting to create a folder when called.

0 Karma

linu1988
Champion

Just tried on my PC, created a dummy search to run every minute. Bat file Test.bat creates a folder: md Test. Every minute it creates it after I delete the folder manually, just outside the script directory. Am using Splunk v6.0.1. Not sure where you are getting the error. Under which app does your search/Alert exist?

0 Karma

nikhilmehra79
Path Finder

domain service accnt is already part of local admin group on the server...

0 Karma

linu1988
Champion

yes please do that and add it to admin group.

0 Karma

nikhilmehra79
Path Finder

I just checked both splunkd and splunkweb are running under my Service account with which i am logged in and it is a domain account with admin privs

0 Karma