Run a script alert action
| The run a script alert action is officially deprecated. It has been replaced with custom alert actions as a more scalable and robust framework for integrating custom actions. See About custom alert actions for implementation and migration information. |
If you have Splunk Enterprise, you can run an alert script when an alert triggers. Select Run a script from the Add Actions menu. Enter the file name of the script that you want to run.
For example, you can configure an alert to run a script that generates a Simple Network Management Protocol (SNMP) trap notification. The script sends the notification to another system such as a Network Systems Management console. You can configure a different alert that runs a script that calls an API, which in turn sends the triggering event to another system.
- Note: For security reasons, place all alert scripts in either of the following locations:
-
$SPLUNK_HOME/bin/scripts $SPLUNK_HOME/etc/<AppName>/bin/scripts
-
For details on alert script configuration in savedsearches.conf for a shell script or batch file that you create, see Configure scripted alerts in this manual.
| Monitor triggered alerts | Using custom alert actions |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.3.2411, 8.2.2112, 8.2.2201, 8.2.2203, 8.2.2202, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406, 9.3.2408 (latest FedRAMP release)
Download manual
Feedback submitted, thanks!