Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Script being executed every minute - not scheduled

mookiie2005
Communicator
‎01-23-2014 11:28 AM

We have a script that splunk executes every minute on the minute...only problem is we do not have this scheduled as an alert or saved search. We cannot figure out why it is executed on the minute every minute. We can see the process in the aplunkd log however we do not see what/why it is being started. We have checked all alerts and no alerts are referencing this script. Anyone have a similar issue? How did you correct?

0 Karma
Reply

mookiie2005
Communicator
‎01-24-2014 05:49 AM

Well we tried that and it is not finding any references in the splunk files.

0 Karma
Reply

mux
Explorer
‎01-23-2014 02:07 PM

If you look in the python log (not splunkd) it should have details on the scripts being called, you can search for runshellscript

0 Karma
Reply

linu1988
Champion
‎01-24-2014 05:54 AM

Did you customize any scripts/command in splunk?

0 Karma
Reply

mux
Explorer
‎01-24-2014 05:52 AM

I have a script running from an alert and it shows in the python logs everytime a specific Webspere JVM is activated or deactived. Sorry this did not help.

0 Karma
Reply

mookiie2005
Communicator
‎01-24-2014 05:47 AM

We tried that, runshellscript is only in the python logs when a script is run from the cli not when it is called by an alert.

0 Karma
Reply

kristian_kolb
Ultra Champion
‎01-23-2014 02:05 PM

Ok then search for files containing the string that matches your script name. I'm sure there is some built-in GUI tool for searching through the files on disk in windows.

0 Karma
Reply

mux
Explorer
‎01-23-2014 02:04 PM

You could move the script out of the /bin/scripts folder. It will not prevent it from being called but would prevent the execution and may generate an error in the splunkd.log to help pinpoint what is calling it.

0 Karma
Reply

mookiie2005
Communicator
‎01-24-2014 05:46 AM

We have done this, we are looking for a way to stop it from being called.

0 Karma
Reply

mookiie2005
Communicator
‎01-23-2014 01:56 PM

The server is running on a windows environment. The script should not be executed in Real-time as we have never create any alerts against a real-time search.

0 Karma
Reply

kristian_kolb
Ultra Champion
‎01-23-2014 01:53 PM

Or do you have a real-time search that is still running that calls the script as an alert action?

0 Karma
Reply

kristian_kolb
Ultra Champion
‎01-23-2014 01:50 PM

interesting, can you do a grep -R your_script_name * in /opt/splunk/etc and see where it turns up?

0 Karma
Reply

mookiie2005
Communicator
‎01-23-2014 01:42 PM

It is a script that was created by me, I had it scheduled to an alert. The alert was removed yet for some reason keeps trying to execute the script every minute. I thought it might just be repeating because it did not finish running. I replaced the script with a file that just had "exit" in it, but it is still being run every minute.

0 Karma
Reply

kristian_kolb
Ultra Champion
‎01-23-2014 12:30 PM

what is the script called...? What apps do you have installed?

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...