splunk failing to fire a scripted alert

tympaniplayer · ‎10-27-2011

Hi, I am using a windows batch file to launch a program called bmail to connect to a server to send an email when the alert is triggered. The script is in the correct directory ( splunk\ bin\ scripts). When the program is run manually it works fine. Something I am missing?

jbsplunk · ‎10-27-2011

A couple of questions:

Are the criteria for the action you expect to be executed happening in the results?

Did you check your secheduler.log to ensure that the script actually did fire when you expected it to fire?

The log is in $SPLUNK_HOME/var/log/splunk/. I usually check here to see if the script was actually fired. If it was, the firing of the script is performed by python, so you may way to check the python.log to see if anything interesting pops up there.

tympaniplayer · ‎10-28-2011

Same user executing manually as is running splunk. Checked scheduler.log, everything is firing like it is supposed to. nothing interesting in python.log it says its fired in there as well.

Lamar · ‎10-27-2011

Is the user that runs Splunk the same user you're using to manually execute the script?

You may not have the same environment variables for each user which might allow you to execute the bmail executable.

Just curious.

tympaniplayer · ‎10-27-2011

in splunkd.log i get this
'bmail' is not recognized as an internal or external command.

why would it work when i do it manually, but not work when splunk shoots it off?

they python log says it is firing it is as well. No luck

splunk failing to fire a scripted alert

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!