Run a script alert action
The run a script alert action is officially deprecated. It has been replaced with custom alert actions as a more scalable and robust framework for integrating custom actions. See About custom alert actions for implementation and migration information.
If you have Splunk Enterprise, you can run an alert script when an alert triggers. Select Run a script from the Add Actions menu. Enter the file name of the script that you want to run.
For example, you can configure an alert to run a script that generates a Simple Network Management Protocol (SNMP) trap notification. The script sends the notification to another system such as a Network Systems Management console. You can configure a different alert that runs a script that calls an API, which in turn sends the triggering event to another system.
Note: For security reasons, place all alert scripts in either of the following locations:
- $SPLUNK_HOME/bin/scripts
- $SPLUNK_HOME/etc/<AppName>/bin/scripts
For details on alert script configuration in savedsearches.conf for a shell script or batch file that you create, see Configure scripted alerts in this manual.
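The following is an added example, not part of the Splunk documentation: a Python check that an alert script, after symlinks and `..` segments are resolved, really sits in one of the two locations named in the note above. The function names are hypothetical, and the group/other-writable check is an extra assumption that this page does not state.

```python
import os
import stat
import sys
from pathlib import Path


def allowed_script_dirs(splunk_home):
    """Return the existing script directories named in the note, as real paths."""
    home = Path(splunk_home).resolve()
    dirs = [home / "bin" / "scripts"]
    etc = home / "etc"
    if etc.is_dir():
        # $SPLUNK_HOME/etc/<AppName>/bin/scripts, one candidate per app directory
        dirs += [app / "bin" / "scripts" for app in etc.iterdir() if app.is_dir()]
    return [d.resolve() for d in dirs if d.is_dir()]


def audit_alert_script(splunk_home, script_path):
    """Return a list of findings for one script; an empty list means it passes."""
    real = Path(script_path).resolve()  # follows symlinks, collapses ".."
    if not real.is_file():
        return ["missing: %s" % script_path]
    findings = []
    # The resolved file must live under a permitted directory, so a symlink
    # placed in bin/scripts that points elsewhere is reported.
    if not any(d in real.parents for d in allowed_script_dirs(splunk_home)):
        findings.append("outside permitted script directories: %s" % real)
    # Assumption (not from this page): a script that other accounts can
    # rewrite defeats the purpose of restricting where it lives.
    if real.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others: %s" % real)
    return findings


if __name__ == "__main__":
    # Usage: SPLUNK_HOME=/opt/splunk python audit.py <script> [<script> ...]
    home = os.environ.get("SPLUNK_HOME", "")
    failed = False
    for arg in sys.argv[1:]:
        for finding in audit_alert_script(home, arg):
            print(finding)
            failed = True
    sys.exit(1 if failed else 0)
```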
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408