Solved: Why is my alert script output in Chinese character...

alaking · ‎01-06-2016

I wrote a script that does the following:

cat $SPLUNK_ARG_8 > /tmp/$SPLUNK_ARG_4.csv

Unfortunately, I am getting lots of characters similar to: 噪 instead of the logs. The logs are in English, and I can read them. The script output is not. I am running Splunk on Redhat. Has anyone encountered this kind of error before?

alaking · ‎01-07-2016

I figured it out, but for the sake of clarity: $SPLUNK_ARG_8 is a gzip file. I would like to suggest that this be noted in the docs under the scripting area.
Hope this helps.

View solution in original post

alaking · ‎01-07-2016

I figured it out, but for the sake of clarity: $SPLUNK_ARG_8 is a gzip file. I would like to suggest that this be noted in the docs under the scripting area.
Hope this helps.

frobinson_splun · ‎01-07-2016

Hi @alaking,

I can make a note of this in our documentation.

I noticed that this previous Answers posts also mentions that the raw data file is in gzip format:
https://answers.splunk.com/answers/227220/output-search-results-from-alert-to-syslog-retriev.html

Just so you know, scripted alerts are deprecated. Depending on the software version you have, you might consider a custom alert action instead. Here is a link to our documentation on creating custom alert actions:
http://docs.splunk.com/Documentation/Splunk/6.3.1511/AdvancedDev/ModAlertsIntro

Hope this helps!

Why is my alert script output in Chinese characters?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms