- Splunk Answers
- :
- Using Splunk
- :
- Alerting
- :
- Alert Script in App
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I am currently able to successfully have a script execute after a search when located in $SPLUNK_HOME/bin/scripts. However, I would like to have my scripts be separated by apps. I have the script located now in $SPLUNK_HOME/etc/my_app_name/bin/scripts, but it doesn't work.
I've also put it in $SPLUNK_HOME/etc/apps/my_app_name/bin/scripts and have not succeeded.
Does anyone know how to get a script to work just in the context of an app?
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
The directories are correct. Which OS and version of splunk are you using? Did you check if there is any dependency of path in the script itself? i have scripts running from the app itself. And Make sure the search also moved to the respective app. e.g. if you have your search is placed in search app it will be able to find it in global bin/script directory but it won't look into your_app directory.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
The directories are correct. Which OS and version of splunk are you using? Did you check if there is any dependency of path in the script itself? i have scripts running from the app itself. And Make sure the search also moved to the respective app. e.g. if you have your search is placed in search app it will be able to find it in global bin/script directory but it won't look into your_app directory.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
$SPLUNK_HOME/etc/apps/my_app_name/bin/scripts is the correct directory.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes it should work as expected then. Please go and check in the python.log in log folder what is the error you are getting when the search triggers the script?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
well it's in the savedsearches.conf in the app folder, is that what you mean?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I meant the saved search which triggers the script should be present in the respective app folder rather than search app. Could you try that?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I am running Splunk version 5.0.3, build 163460 on Ubuntu 12.04.2.
I do not see any dependency of the script itself. It works fine when I put it in $SPLUNK_HOME/etc/my_app_name/bin/scripts
I don't understand this, did you mean to say "script" instead of "search"?
"And Make sure the search also moved to the respective app. e.g. if you have your search is placed in search app it will be able to find it in global bin/script directory but it won't look into your_app directory."
Thanks for your help!
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
