Splunk Cloud Platform

Alerting Manual

Run a script alert action

The run a script alert action is officially deprecated. It has been replaced with custom alert actions as a more scalable and robust framework for integrating custom actions. See About custom alert actions for implementation and migration information.

If you have Splunk Enterprise, you can run an alert script when an alert triggers. Select Run a script from the Add Actions menu. Enter the file name of the script that you want to run.

For example, you can configure an alert to run a script that generates a Simple Network Management Protocol (SNMP) trap notification. The script sends the notification to another system such as a Network Systems Management console. You can configure a different alert that runs a script that calls an API, which in turn sends the triggering event to another system.

Note: For security reasons, place all alert scripts in either of the following locations:

  • $SPLUNK_HOME/bin/scripts
  • $SPLUNK_HOME/etc/<AppName>/bin/scripts

For details on alert script configuration in savedsearches.conf for a shell script or batch file that you create, see Configure scripted alerts in this manual.

Last modified on 21 April, 2017
Monitor triggered alerts   Using custom alert actions

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release)


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters