All Apps and Add-ons

pingstatus command: Why am I getting "Unknown command 'pingstatus'" trying to set up an alert?

wburns0185k
Engager

I have been using Pingstatus to search for PCs that are in an "Up" state and looking at the number of connected users to find a load balancer issue. This works perfectly as a search, but when I try to set up an alert for this, I receive no errors, but also receive no alerts.

When troubleshooting, the search returns no results. It flags my pingstatus call as an "Unknown command 'pingstatus'. Do you mean 'sistats'?"

I've tried playing with the permissions of the Pingstatus app to make sure it was running, but it runs in the Search and Reporting app... which I assume is where alerting runs out of anyway.

Help?

sourcetype="VDI_Server_IP" |pingstatus url as IP1| table DataCenter, IP1, pingdelay|sort -DataCenter|eval range = if(pingdelay >0, "1","0")|stats sum(range) by DataCenter|rename sum(range) as check

ndoshi
Splunk Employee
Splunk Employee

The README.txt explains that you need to set up commands.conf and authorize.conf for the command.

Copy the bin/pingstatus.py bin/ping.py and (optional) bin/ping.pyc files to your
$SPLUNK_HOME/etc/system/bin directory. Then, in your local
$SPLUNK_HOME/etc/system/local directory, create or edit existing authorize.conf
and commands.conf.

In commands.conf add:

[pingstatus]
FILENAME = pingstatus.py

In authorize.conf add:

[capability::run_script_pingstatus]

[role_admin]
run_script_pingstatus = enabled

Restart Splunk to test the commmand.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...