Alerting

Is there a way to trigger an alert in Splunk Cloud to send something to my heavy forwarder to run a script?

JScordo
Path Finder

I have a request for an alert in Splunk Cloud to run a script whenever triggered. The issue is that due to networking rules, I cannot open up the firewall from SC to my device that needs the script. I do have an open connection from SC to my Heavy Forwarder and my HF can access my device. So my question is, is there a way for an alert to be triggered on SC and something be sent to my HF to run the necessary script?

The most similar answer I could find was this one: https://answers.splunk.com/answers/436904/running-an-alert-script-locally-when-using-splunk.html

I was trying to do this without having to reach out to support, but any advice would be appreciated.

Thank you.

0 Karma

pgreer_splunk
Splunk Employee

The only way I know of to do this is to set up hybrid search, where a search head (the heavy forwarder?) is on premise and is able to search your Splunk Cloud indexers. Thus the alert can be set up on-prem and has access both to see the data that triggers the alert and to your device in order to trigger the run of the script. That being said, this does require Splunk Support/Ops to set up.

0 Karma
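As an added illustration of the hybrid-search answer above (not code from this thread or from Splunk), a hypothetical scripted alert action that would run on the on-prem search head and pass a checked value on to the device. It assumes the legacy SPLUNK_ARG_0..8 environment that Splunk hands to alert scripts, a results column named `host`, and a fixed `DEVICE_URL` that the device exposes as a hook.

```shell
#!/bin/sh
# Hypothetical scripted alert action for the on-prem search head described in the
# answer (assumed path: $SPLUNK_HOME/bin/scripts/notify_device.sh). Splunk hands
# the alert context to the script in SPLUNK_ARG_0..8; SPLUNK_ARG_8 is the path of
# the gzipped CSV holding the triggering results.
set -eu

# Print the value of column $2 from the first result row of the gzipped CSV $1.
# Simple comma splitting: fields that themselves contain commas are not handled.
results_field() {
    gzip -dc "$1" | awk -F',' -v col="$2" '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == col) idx = i; next }
        NR == 2 && idx { print $idx; exit }'
}

# Allow only a plain hostname through. Search results are untrusted input and
# must never be spliced into a command line unchecked.
valid_target() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Notify the device (assumed: an HTTPS hook at DEVICE_URL, reachable from the HF
# but not from Splunk Cloud). The validated host goes in the body, not in the URL.
notify_device() {
    curl --fail --silent --show-error \
        --data-urlencode "alert=${SPLUNK_ARG_4:-unknown}" \
        --data-urlencode "host=$1" \
        "$DEVICE_URL"
}

# Entry point when invoked by Splunk; skipped when the functions are only sourced.
if [ -n "${SPLUNK_ARG_8:-}" ]; then
    target=$(results_field "$SPLUNK_ARG_8" host)
    if valid_target "$target"; then
        notify_device "$target"
    else
        printf 'refusing to act on unexpected host value\n' >&2
        exit 1
    fi
fi
```

The firewall constraint from the question is unchanged: the script only works because the search head that evaluates the alert sits on the same side as the device.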