In this section we will create an alert that runs a script when an error occurs. It will be a real-time, per-result alert that runs a script whenever the message DISK FULL appears in the search results. Here are the steps:
First, we will run our search for the message DISK FULL:
Next, we will go to Save As > Alert. The Save As Alert window opens. We will define the following parameters:
- Title – disk full alert.
- Description – this alert will run a script when the disk is full.
- Permissions – set to Shared in App.
- Alert type – Real-time.
- Trigger alert when – Per-Result. The alert is triggered once for each result the search returns, so if several DISK FULL events arrive the script runs once per event. If that is not what you want, enable the Throttle option in the same window (for example, suppress further triggers for the same host for a few minutes).
- When triggered – Run a script called free_space.bat, located in the $SPLUNK_HOME\bin\scripts directory. Splunk only runs alert scripts placed in this directory or in an app's bin\scripts directory, and it runs them with the privileges of the Splunk service account, so keep write access to that directory restricted.
Now, whenever the search returns a result containing DISK FULL, the alert is triggered and executes the script.
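The page does not show the contents of free_space.bat, so here is an added example of what such a scripted alert action receives and how it should handle it. It is not code from the original page or from Splunk; it is a Python equivalent (free_space.py is an assumed name) written for this section. It parses the eight positional arguments Splunk passes to a legacy scripted alert action, reads the gzipped CSV results file from argument 8, reduces the rows to the affected host and mount point, and returns distinct exit codes for bad arguments and unreadable results. The log-line format (`DISK FULL on <mount>`) and the sample rows are constructed for the example; the script handles rows that do not match that format as well as the multi-row files a non-per-result alert would produce.

```python
#!/usr/bin/env python
"""free_space.py - example scripted alert action for the "DISK FULL" alert.

Splunk calls a legacy scripted alert action (a file in $SPLUNK_HOME/bin/scripts)
with eight positional arguments, also exported as SPLUNK_ARG_1..SPLUNK_ARG_8:
  1 number of events   2 search terms       3 fully qualified search string
  4 saved-search name  5 trigger reason     6 link to the results
  7 unused             8 path to a gzipped CSV file holding the results
With "Per-Result" the action runs once per matching event, so argument 8
normally points at a one-row file; the code below copes with any row count.
"""
import csv
import gzip
import os
import re
import sys
import tempfile

# Assumed shape of the log line, e.g. "... DISK FULL on /var" (not from the page).
MOUNT_RE = re.compile(r"DISK FULL on (\S+)", re.IGNORECASE)


def parse_alert_args(argv):
    """Map Splunk's positional arguments to named fields; reject a short argv."""
    if len(argv) < 9:
        raise ValueError("expected 8 alert arguments, got %d" % (len(argv) - 1))
    return {
        "event_count": int(argv[1]),
        "search_terms": argv[2],
        "search": argv[3],
        "saved_search": argv[4],
        "reason": argv[5],
        "results_link": argv[6],
        "results_file": argv[8],
    }


def read_results(path):
    """Return the rows of the gzipped CSV results file as a list of dicts."""
    with gzip.open(path, "rt", newline="") as fh:
        return list(csv.DictReader(fh))


def affected_mounts(rows):
    """Reduce the results to a sorted, de-duplicated list of (host, mount).

    The mount point is taken from the raw event; rows that do not match the
    assumed format are reported with mount "unknown" rather than dropped.
    """
    seen = set()
    for row in rows:
        match = MOUNT_RE.search(row.get("_raw", ""))
        mount = match.group(1) if match else "unknown"
        seen.add((row.get("host", "unknown"), mount))
    return sorted(seen)


def build_sample_results(directory=None):
    """Write a constructed results file shaped like the one Splunk hands to $8.

    Constructed sample data, not output captured from a real Splunk instance.
    """
    rows = [
        {"_time": "1700000000", "host": "web01", "source": "/var/log/syslog",
         "_raw": "Nov 14 22:13:20 web01 kernel: DISK FULL on /var"},
        {"_time": "1700000005", "host": "db02", "source": "/var/log/messages",
         "_raw": "Nov 14 22:13:25 db02 backup[412]: DISK FULL on /backup"},
        {"_time": "1700000009", "host": "web01", "source": "/var/log/syslog",
         "_raw": "Nov 14 22:13:29 web01 kernel: DISK FULL on /var"},
    ]
    fd, path = tempfile.mkstemp(suffix=".csv.gz", dir=directory)
    os.close(fd)
    with gzip.open(path, "wt", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=["_time", "host", "source", "_raw"])
        writer.writeheader()
        writer.writerows(rows)
    return path


def main(argv=None):
    """Entry point: 0 on success, 2 on bad arguments, 1 if the results are unreadable."""
    argv = sys.argv if argv is None else argv
    try:
        args = parse_alert_args(argv)
    except ValueError as exc:
        sys.stderr.write("free_space: %s\n" % exc)
        return 2
    try:
        rows = read_results(args["results_file"])
    except (OSError, EOFError, csv.Error) as exc:
        sys.stderr.write("free_space: cannot read %s: %s\n" % (args["results_file"], exc))
        return 1
    # Never splice argv fields or _raw into a shell command: both carry
    # log-derived text, and this script runs as the Splunk service account.
    for host, mount in affected_mounts(rows):
        sys.stderr.write("free_space: %s triggered for host=%s mount=%s\n"
                         % (args["saved_search"], host, mount))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

To use it in place of free_space.bat, copy the file into $SPLUNK_HOME\bin\scripts and select it as the script in the When triggered setting; Splunk runs .py alert scripts with its bundled Python interpreter. The only action the example takes is to report each affected host and mount point; whatever cleanup you add in its place should likewise work from the parsed fields rather than pass any of them to a shell.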