Alerting on failure and triggering a scripted response

By now, you have used every different type of alert available and many of the more common alert actions such as e-mailing. However, one extremely powerful alert action feature we are yet to touch upon is the ability to execute a script when an alert triggers.

In this recipe, you will create a simple real-time per-result alert that triggers when any 503 HTTP web server errors are detected. Upon triggering, the alert will execute a script that will write the details of the event to a local file on the server.

Getting ready

To step through this recipe, you will need a running Splunk Enterprise server, with the sample data loaded from Chapter 1, Play Time – Getting Data In. You should be familiar ...

Get Splunk: Enterprise Operational Intelligence Delivered now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Splunk: Enterprise Operational Intelligence Delivered by Betsy Page Sigman, Erickson Delgado, Josh Diakun, Paul R Johnson, Derek Mock, Ashish Kumar Tulsiram Yadav

Alerting on failure and triggering a scripted response

Getting ready

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly