Solved: Alert scripts in non-Splunk location

APNelson · ‎02-10-2014

How can I set up an alert to run a script in a location other than $SPLUNK_HOME/bin/scripts?

The scripts I need to run if the alerts I'm creating are triggered are installed by another product that my team has developed and is called by tools other than Splunk, so I can't just copy it over to a new location.

I suppose I could create a wrapper script for each alert and copy them to the Splunk location as part of my install process, but that seems inefficient.

yannK · ‎02-10-2014

You can use a dummy script as a wrapper, put it in $SPLUNK_HOME/bin/scripts or in $SPLUNK_HOME/etc/<app>/bin/

Call the script from the splunk search, and pass a parameter (per search).
then the script calls another script on your instance (can use the parameter as a way to identify which one)
Remember that the initial script will be running as splunk.

View solution in original post

yannK · ‎02-10-2014

You can use a dummy script as a wrapper, put it in $SPLUNK_HOME/bin/scripts or in $SPLUNK_HOME/etc/<app>/bin/

Call the script from the splunk search, and pass a parameter (per search).
then the script calls another script on your instance (can use the parameter as a way to identify which one)
Remember that the initial script will be running as splunk.

APNelson · ‎02-11-2014

That's what I was afraid of. Just wanted to make sure I wasn't missing anything.

Thanks for your help.

Alert scripts in non-Splunk location

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life