How can I set up an alert to run a script in a location other than $SPLUNK_HOME/bin/scripts?
The scripts I need to run if the alerts I'm creating are triggered are installed by another product that my team has developed and are called by tools other than Splunk, so I can't just copy them over to a new location.
I suppose I could create a wrapper script for each alert and copy them to the Splunk location as part of my install process, but that seems inefficient.
You can use a dummy script as a wrapper; put it in $SPLUNK_HOME/bin/scripts or in $SPLUNK_HOME/etc/<app>/bin/.
Call the script from the Splunk search, and pass a parameter (per search).
Then the script calls another script on your instance (can use the parameter as a way to identify which one).
Remember that the initial script will be running as splunk.
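One way to write the wrapper described in the answer above, as an added example that is not part of the original thread. The keys (`disk_full`, `svc_down`), the `/opt/myproduct/bin/...` paths, and the choice to read the key from the first argument are assumptions for illustration; the point is that the parameter only selects from a fixed list and is never used to build a path or command.

```shell
#!/bin/sh
# Added example: dispatch wrapper for Splunk script alerts.
# Keys and target paths below are hypothetical placeholders.

# Map an alert key to one fixed absolute path. Anything not listed is refused,
# so text coming from the search never becomes part of a command line.
resolve_target() {
    case "$1" in
        disk_full) printf '%s\n' "/opt/myproduct/bin/handle_disk_full.sh" ;;
        svc_down)  printf '%s\n' "/opt/myproduct/bin/restart_service.sh" ;;
        *)         return 1 ;;
    esac
}

# Resolve the key, check the target, then run it with no extra arguments.
dispatch() {
    target=$(resolve_target "$1") || {
        echo "alert wrapper: unknown key refused" >&2
        return 64
    }
    if [ ! -f "$target" ] || [ ! -x "$target" ]; then
        echo "alert wrapper: target missing or not executable: $target" >&2
        return 66
    fi
    "$target"
}

# Run only when a key was supplied (assumption: the key is argument 1).
if [ "$#" -gt 0 ]; then
    dispatch "$1"
    exit $?
fi
```

Because the wrapper runs as the splunk user, the target scripts need to be executable by that account, and one wrapper with a new `case` entry per alert replaces a separate wrapper per script.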
That's what I was afraid of. Just wanted to make sure I wasn't missing anything.
Thanks for your help.