Implementing Splunk: Big Data Reporting and Development for Operational Intelligence by Vincent Bumgarner

Writing a scripted alert action to process results

Another option for interfacing with an external system is to run a custom alert action script against the results of a saved search. Splunk ships a simple example in $SPLUNK_HOME/bin/scripts/echo.sh. Let's try it out and see what we get, using the following steps:

  1. Create a saved search. For this test, do something cheap, such as the following:
    index=_internal | head 100 | stats count by sourcetype
  2. Schedule the search to run at some point in the future. I set it to run every five minutes, just for this test.
  3. Enable Run a script and type in echo.sh.

The script places the output into $SPLUNK_HOME/bin/scripts/echo_output.txt ...
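To go beyond echoing, a script of your own can read the results file itself. The following is an added example and not the echo.sh that ships with Splunk nor code from the book: it summarizes a "stats count by sourcetype" result and appends it to a log file. It relies on the legacy scripted alert calling convention, in which Splunk passes the number of results as $1, the saved search name as $4, the trigger reason as $5 and the path to the gzipped CSV of results as $8; the output path, the function names and the sample results are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Splunk's echo.sh): a scripted alert action that reads the
# search results and appends a one-line summary per result row to a log file.
# Drop it next to echo.sh in $SPLUNK_HOME/bin/scripts, make it executable, and
# enter its name in "Run a script" the same way as echo.sh.
#
# Legacy scripted-alert arguments used here (per Splunk's documented interface):
#   $1 number of results   $4 saved search name   $5 trigger reason
#   $8 path to the results file (a gzipped CSV)
# The output location below is an assumption for the example.

OUTPUT_FILE="${ALERT_OUTPUT_FILE:-/tmp/alert_output.txt}"

# Emit "col1=col2" for every data row of the gzipped CSV, skipping the header.
# Using only the first two columns matches a "stats count by <field>" result;
# surrounding quotes that Splunk adds around some values are stripped.
summarize_results() {
    gzip -dc "$1" | awk -F, '
        NR > 1 && NF >= 2 {
            gsub(/"/, "", $1); gsub(/"/, "", $2)
            printf "%s=%s\n", $1, $2
        }'
}

# Count the data rows in the results file so it can be cross-checked against $1.
count_results() {
    gzip -dc "$1" | awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }'
}

# Alert entry point. The search string and the other arguments are only ever
# written out as data, never passed to eval or another shell, so a saved search
# whose text contains shell metacharacters cannot run commands through this
# script (it executes as the Splunk service user).
run_alert() {
    count="$1"
    search_name="$4"
    reason="$5"
    results="$8"
    {
        printf 'search=%s reason=%s reported=%s counted=%s\n' \
            "$search_name" "$reason" "$count" "$(count_results "$results")"
        summarize_results "$results"
    } >> "$OUTPUT_FILE"
}

# Splunk calls the script with eight arguments; when run by hand with fewer
# (for example while testing the functions above) nothing is executed.
if [ "$#" -ge 8 ]; then
    run_alert "$@"
fi
```

For a manual check, build a small gzipped CSV with a "sourcetype,count" header and call the script with eight quoted arguments, the last one being that file's path; the log should then contain one header line followed by one "sourcetype=count" line per row. Splunk's own log line for the action, including a non-zero exit status, ends up in splunkd.log, so make the script exit non-zero on any failure rather than swallowing errors.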
