Re: Is there a way to trigger an alert in Splunk C...

JScordo · ‎10-13-2016

I have a request for an alert in Splunk Cloud to run a script whenever triggered. The issue is that due to networking rules, I cannot open up the firewall from SC to my device that needs the script. I do have an open connection from SC to my Heavy Forwarder and my HF can access my device. So my question is, is there a way for an alert to be triggered on SC and something be sent to my HF to run the necessary script?

The most similar answer I could find was this one. https://answers.splunk.com/answers/436904/running-an-alert-script-locally-when-using-splunk.html

I was trying to do this without having to reach out to support, but any advice would be appreciated.

Thank you.

pgreer_splunk · ‎10-27-2016

Only way I know of how to do this is to set up hybrid search where a search head (the heavy forwarder?) is on premise and is able to search your Splunk Cloud indexers. Thus the alert can be set up on-prem and thus has access to first see the data to trigger the alert but also have access to your device in order to trigger the run of the script. That being said, this does require Splunk Support/Ops to set up.

Is there a way to trigger an alert in Splunk Cloud to send something to my heavy forwarder to run a script?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases