Alerting

fail to pop up window via the .bat executed by splunk alert

kurt28
Path Finder

Hello, all

I want an alert to invoke a test.bat file, and I tested three test.bat files as follows:

test1.bat:
python "C:\Program Files\Splunk\bin\scripts\test.py"

and
test.py is

#*****************************test.py****************************************
output = open('C:\\Program Files\\Splunk\\bin\\scripts\\testtest.txt', 'w+')
output.write('Test for script')
output.close()
#*****************************test.py****************************************

It works for creating a file named testtest.txt in path C:\Program Files\Splunk\bin\scripts\ with content "Test for script".

test2.bat:
python "C:\Program Files\Splunk\bin\scripts\PopUpWindow.py"

and PopUpWindow.py is

#*****************************PopUpWindow.py****************************************
from tkinter import *

root = Tk()

var = StringVar()
label = Message( root, textvariable=var,relief=RAISED )

var.set("Hey!? How are you doing?\n")
label.pack()
root.mainloop()
#*****************************PopUpWindow.py****************************************

I can't get any pop up window but in "View recent" the script ran actually.

test3.bat:
python "C:\Program Files\Splunk\bin\scripts\test.py"
python "C:\Program Files\Splunk\bin\scripts\PopUpWindow.py"

I can get the testtest.txt in path C:\Program Files\Splunk\bin\scripts\ but no pop-up window.

Can anyone help?
I would be very grateful if you could help.

0 Karma

gpullis
Communicator

Does test2.bat work when run manually?

Have you considered writing something that instantiates Microsoft's MSG command instead of having Python create a dialog directly? That way, you should be able to get the message to pop-up on a system other than the one generating the alert.

kurt28
Path Finder

I get the expected result when I run the batch file directly. Don't know why splunk alert invoke fails.

0 Karma

kurt28
Path Finder

I will try it out. Thanks for your reply. ^^

0 Karma

gpullis
Communicator

Here's my guess on why the splunkd service couldn't pop a window... Think of two administrators logged into RDP sessions. When Admin A runs your popup script, you wouldn't expect Admin B to see the window because they're in different sessions. Same idea with the splunkd service. It's in a different session. Plus, I think that services are normally "non-interactive". That is, they're specifically disallowed from manipulating the local GUI. That's why things like SQL Server need those little helpers running in your system tray. So something exists that the service can interact with.

0 Karma

kurt28
Path Finder

Sorry for not mentioning that all three tests can be run manually; I can get either the testtest.txt or the pop-up window. I just don't know why a batch file executed by Splunk can write a text file but can't pop up a window.
Btw, I ran the Python bundled with Splunk and typed help('modules'). I found that there's no tkinter or Tkinter module. I guess that's the reason why I can't get the pop-up window.
I tried Microsoft's MSG command and it succeeded in popping a message up. Thanks very much!!!

0 Karma
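
The session explanation and the MSG workaround discussed in this thread, as an added example (not code from the thread or from Splunk): it checks whether the script is running in session 0, where Windows services such as splunkd run, and if so hands the text to msg.exe on standard input instead of opening a window. The function names, the 255-character cap and the 60-second timeout are assumptions made for this example.

```python
import ctypes
import re
import subprocess
import sys

MAX_LEN = 255  # assumed cap chosen for this example, not a documented msg.exe limit


def current_session_id():
    """Return the Windows session ID of this process, or None off Windows."""
    if sys.platform != "win32":
        return None
    sid = ctypes.c_ulong()
    k32 = ctypes.windll.kernel32
    if not k32.ProcessIdToSessionId(k32.GetCurrentProcessId(), ctypes.byref(sid)):
        raise ctypes.WinError()
    return sid.value


def clean_message(text):
    """Alert text may carry event data: drop control characters, cap length."""
    text = re.sub(r"[\x00-\x1f\x7f]+", " ", text).strip()
    return text[:MAX_LEN]


def plan_delivery(session_id, text, target="*", timeout=60):
    """Decide how to show `text`; returns (method, argv, stdin_text)."""
    msg = clean_message(text)
    if session_id == 0:
        # Session 0 has no user desktop, so a tkinter window is never seen.
        # The text goes in on stdin so it cannot be parsed as a msg.exe switch.
        return "msg", ["msg.exe", target, f"/time:{int(timeout)}"], msg
    return "gui", None, msg


def notify(text):
    method, argv, msg = plan_delivery(current_session_id(), text)
    if method == "msg":
        # List argv, no shell: cmd.exe never interprets the alert text.
        subprocess.run(argv, input=msg, text=True, check=True, timeout=30)
    else:
        print("interactive session, a GUI dialog would be visible:", msg)
    return method


if __name__ == "__main__":
    notify(sys.argv[1] if len(sys.argv) > 1 else "Test for script")
```

Logging the value of `current_session_id()` from the alert script is a quick way to confirm which session Splunk launched it in.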

LukeMurphey
Champion

What happens if you run the batch file directly (i.e. outside of Splunk)?

0 Karma