Hi Guys,
QQ: is there a way we can send alerts or traps from Splunk to another system, which happens to be MOM (Manager of Managers)? We want to consolidate all alerts in one place, and logically it makes sense to send Log Analyzed Alerts and Operational Intelligence alerts from Splunk to MOM... please suggest...
Hello Nikhil,
This is the best way; from that you can do anything. You will get the Splunk result, which is filtered and analyzed, in a proper format.
Other than this, we have SDKs for Python, C#, etc.
So it depends on what you want to do. As another option, we also have REST API calls using curl.
http://dev.splunk.com/view/csharp-sdk/SP-CAAAEPK
OK, I will.
Don't think so.
Could you please refer to this again?
http://wiki.splunk.com/Community:TroubleshootingAlertScripts
My new test.bat is at D:\Splunkv5\bin\scripts with no duplicate in the app folder.
It didn't work with this simple test; can it be a bug?
Created as you stated... waiting for a new event.
Yeah, it's okay; warnings/errors will come in splunkd.log. There is more to it. Is it working now or not?
Just create a file test.bat
edit-> mkdir test
Test with this much rather than your log output, to see whether it works or not. After that you can experiment on your own.
Is it possible that you see an entry in python.log but not in splunkd.log? I am now seeing such behaviour too.
If you put it in D:\Splunkv5\bin\scripts, any app can access this script.
If you put it in the app\bin\scripts directory, then only your app can access it. If you have it at both locations, the app dir will be used.
So better not to be confused; keep it at one location. Delete the splunkd.log. Try enabling the search again and find out where the problem exactly is / >d:\test_output.txt or some other location.
One thing I'm not sure of: do you need to recycle splunkd at some stage...
I checked dir for the script location at
D:\Splunkv5\bin\scripts>dir
Directory of D:\Splunkv5\bin\scripts
01/01/2014 04:01 AM
Also the alert --> SendTrapScript.bat
The question is where the script should be on the server:
under the application bin directory or D:\Splunkv5\bin\scripts?
Did you mention SendTrapScript.bat or just SendTrapScript in the alert? Or is the physical file not like SendTrapScript.bat.bat? Please check; you are quite close.
Maybe a hint: I see the following in Splunkd.log
ERROR script - command="runshellscript", Cannot find script at D:\Splunkv5\bin\scripts\SendTrapScript
But I have a SendTrapScript.bat located at this location
Check splunkd.log in the var\log\splunk folder to see if you are getting an error like "Cannot find script at E:\Apps\Splunk\bin\scripts\Test.bat". I have not tried it with a real-time search. Try with a scheduled search set to run every 1 min. My bat file, created under search\bin\scripts, contains only
md test
That's it to test. And I have tested it in a real-time search also; it's working. It will keep calling the script whenever a result matches. Scripts created under bin/scripts can be accessed globally by any app. Arguments are not needed as long as you don't use them. Try to work out the script first.
Can you paste the content of your Test.bat?
I created my own app for Operations. I initially thought that the script under SplunkHome/bin/scripts would be called, but it seems like by default it is going under my custom app @ /etc/apps/NOCApp/bin/scripts.... I am using Splunk 5.0.5. Is there a way to debug more...
Another thing is that my search is Real Time. Shall I run it as a Saved Scheduled Search? (Not sure if it makes any sense or difference, since python.log shows it is passing 9 arguments.)
When you say you have created a new folder... where? Or is your bat file at SplunkHome/bin/scripts set to create a folder when called?
Just tried on my PC: created a dummy search to run every minute. The bat file Test.bat creates a folder (md Test). Every minute it creates it again after I delete the folder manually, just outside the script directory. I am using Splunk v6.0.1. Not sure where you are getting the error. Under which app does your search/alert exist?
The domain service account is already part of the local admin group on the server...
Yes, please do that and add it to the admin group.
I just checked: both splunkd and splunkweb are running under my service account, with which I am logged in, and it is a domain account with admin privs.