|
I want to configure a saved search alert to trigger a script contained inside my app. The security measures only allow me to run the script from $SPLUNK_HOME/bin/scripts, making it difficult to ship it with the app. Is there a workaround for this? |
|
The solution would be to put the script inside /etc/apps/[appname]/bin and put the script name in savedsearches.conf: action.script.filename = myscript.bat 2
The script should actually be placed directly in /etc/apps/[appname]/bin. Files in a 'script' subdirectory of 'bin' are probably ignored.
(18 May '10, 00:24)
ewoo ♦
Actually I'm trying this now on 4.1.3 and it doesn't work when the script is placed in either script or bin directory.
(09 Jun '10, 19:08)
Leo ♦
|
|
the alert script should be placed in: The error message you're seeing occurs because splunk first looks in the above app level directory and then falls back to the system level script location |
|
Leo, this doesn't appear to work, at least in version 4.1.2. When I create a script (verified executable) in $SPLUNK_HOME/etc/apps/myapp/bin/ and create a scheduled search (also running out of myapps/local/savedsearch.conf) that triggers the script, I still see that Splunk is looking in $SPLUNK_HOME/bin/scripts for the script: What am I missing to get it to run from my app's bin directory? |
