I have a script which takes all the 8 splunk args, extracts the csv containing the event details and then does some transformation before sending an alert to an IM.
To improve its reusability, I split out various parts of the script into separate shell scripts all located within a subdirectory of the main script splunk executes. Having completed is refactoring, I have successfully executed the main script passing in dummy (but sensible) values for all the expected args. Splunk is however is not successfully executing this main script.
I have followed most of the suggestions in the following wiki to no avail: http://wiki.splunk.com/Community:TroubleshootingAlertScripts
Increasing the logging to error in runshellscript.py does then reveal an error entry (in python.log) for my script when the alert fires. The error however simply outputs all the args that are passed down to the shell script. No other error is reported in this log.
Is there anywhere else I can look to see errors that might be emanating from splunk executing my script?
... View more