Create an alert that runs a script

In this section we will create an alert that runs a script when an error occurs. It will be a Per-result alert that runs a script whenever the message DISK FULL appears in the search results. Here are the steps:

First, we will run our search:

[Screenshot: alert 2]

Next, we will go to Save As > Alert. The Save As Alert window opens. We will define the following parameters:

  • Title – disk full alert.
  • Description – this alert will run a script when the disk is full.
  • Permissions – set to Shared in App.
  • Alert type – Real-time.
  • Trigger alert when – Per-Result. This means that the alert is triggered every time the search returns a result.
  • When triggered – Run a script called free_space.bat, located in the $SPLUNK_HOME\bin\scripts directory.

[Screenshot: alert 3]

Now, whenever the search returns a result for DISK FULL, the alert is triggered and Splunk executes the script.
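The page does not show what free_space.bat contains, so here is an added example of what a script run by such an alert can look like. It is not the page's own script: it is a hypothetical free_space.py (Splunk runs .py alert scripts with its bundled interpreter, so it could sit in the same $SPLUNK_HOME\bin\scripts directory). It reads the positional arguments Splunk passes to legacy scripted alerts, opens the gzipped CSV of results, and logs which hosts reported DISK FULL. The sample CSV and the log file name are constructed for the example; the argument positions are the ones Splunk documents for scripted alerts. The one point to carry over to a real script: the argument values (search terms, trigger reason, saved-search name) come from the search and its configuration, and the script runs with splunkd's privileges, so treat them as data and never splice them into a shell command.

```python
"""Hypothetical alert script free_space.py (added example, not the page's free_space.bat)."""
import csv
import gzip
import io
import logging
import os
import sys
from typing import Dict, List

# Positional arguments Splunk passes to a legacy scripted alert (argv[1..8]).
ARG_NAMES = (
    "event_count",     # $1 number of events returned
    "search_terms",    # $2 search terms
    "search_string",   # $3 fully qualified search string
    "saved_search",    # $4 name of the saved search
    "trigger_reason",  # $5 why the alert fired
    "results_url",     # $6 browser URL for the saved search
    "unused",          # $7 not used
    "results_file",    # $8 path to the gzipped CSV holding the results
)

LOG_FILE = "free_space_alert.log"  # assumption: written next to the script


def parse_alert_args(argv: List[str]) -> Dict[str, str]:
    """Map Splunk's positional arguments to names; missing arguments become ''."""
    values = list(argv[1:len(ARG_NAMES) + 1])
    values += [""] * (len(ARG_NAMES) - len(values))
    return dict(zip(ARG_NAMES, values))


def parse_results(csv_text: str) -> List[Dict[str, str]]:
    """Parse the decompressed results CSV ($8) into one dict per row."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def affected_hosts(events: List[Dict[str, str]], marker: str = "DISK FULL") -> List[str]:
    """Hosts whose raw event text contains the marker, de-duplicated and sorted."""
    return sorted({e.get("host", "") for e in events if marker in e.get("_raw", "")})


def load_results(path: str) -> List[Dict[str, str]]:
    """Read the gzipped results file; a missing or empty path simply yields no rows."""
    if not path or not os.path.isfile(path):
        return []
    with gzip.open(path, "rt", newline="") as fh:
        return parse_results(fh.read())


# Constructed sample of a results file's contents (not real Splunk output).
SAMPLE_RESULTS_CSV = (
    '"_time","host","_raw"\n'
    '"2022-05-01T10:00:00","web01","May  1 10:00:00 web01 kernel: DISK FULL on /var"\n'
    '"2022-05-01T10:00:05","db01","May  1 10:00:05 db01 backup: DISK FULL on /backup"\n'
    '"2022-05-01T10:00:07","web02","May  1 10:00:07 web02 sshd: Accepted publickey"\n'
)


def main(argv: List[str]) -> int:
    args = parse_alert_args(argv)
    logging.basicConfig(filename=LOG_FILE, level=logging.INFO,
                        format="%(asctime)s %(message)s")
    # Count rows from the file rather than trusting $1, and use %r so the
    # search-supplied strings are logged as data, not interpreted.
    events = load_results(args["results_file"])
    hosts = affected_hosts(events)
    logging.info("alert=%r reason=%r claimed_events=%r rows=%d disk_full_hosts=%r",
                 args["saved_search"], args["trigger_reason"],
                 args["event_count"], len(events), hosts)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Splunk invokes the script with no stdin data unless passAuth is configured, so everything the script needs is in argv and the results file; the functions above are kept separate from main() so each step can be tested with a constructed CSV without running Splunk.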

Geek University 2022