Book Image

Splunk Operational Intelligence Cookbook

Book Image

Splunk Operational Intelligence Cookbook

Overview of this book

This book is intended for users of all levels who are looking to leverage the Splunk Enterprise platform as a valuable operational intelligence tool. The recipes provided in this book will appeal to individuals from all facets of a business – IT, Security, Product, Marketing, and many more!
Table of Contents (12 chapters)
11
Index

Alerting on failure and triggering a scripted response


By now, you have used every different type of alert available and many of the more common alert actions such as e-mailing. However, one extremely powerful alert action feature we are yet to touch upon is the ability to execute a script when an alert triggers.

In this recipe, you will create a simple real-time per-result alert that triggers when any 503 HTTP web server errors are detected. Upon triggering, the alert will execute a script that will write the details of the event to a local file on the server.

Getting ready

To step through this recipe, you will need a running Splunk Enterprise server, with the sample data loaded from Chapter 1, Play Time – Getting Data In. You should be familiar with navigating the Splunk user interface.

How to do it...

Follow the steps in this recipe to create an alert on failure and a scripted response:

  1. The first thing to do is to write the script that Splunk will execute. Splunk is able to output a number...