Splunk scripted alert not taking the arguments/var...

ajaybguthi · ‎06-17-2013

Hi
Am trying to configure scripted alerts from Splunk. But Splunk is not taking the arguments that are being passed. seeing the below error in the log files.

Cannot find script at /usr/Splunk/bin/scripts/sendtobmc.sh $5 $0 $1 $2 $3

If i remove the arguments that are being passed ($5 $0 ...) to the script its running the script fine with no issues

Please let me know if am missing anything here.

Thanks
Ajay.

Gilberto_Castil · ‎06-17-2013

When you specify the script to run via SplunkWeb, you do not need to extropolate which variables are to be passed. Instead, the script can act as wrapper to handle ALL variables.

At this point, your script has the ability to use the variables.

# sendtobmc.sh
#! /bin/sh

bmcExec=/usr/bin/bmc/myBMCExec.sh
$bmcExec "$5" "$0" "$1" "$2" "$3"

# end of sendtobmc.sh

In essence the script is a handler or a wrapper to handle the output passed by the alert.

gc

JSapienza · ‎06-17-2013

That's because the variables for the arguments are not defined. Is your scripts expecting the 5 arguments ? Post your script.

Splunk scripted alert not taking the arguments/variables

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability