Nitesh Phadatare

Reputation: 325

Splunk : Adaptive Response Action is not generating logs

By referring to this document I have created one adaptive response action, which I am able to see on the Incident Review dashboard of the "Enterprise Security" app on Splunk.

I have used the same name for custom_alert_action_script (the Python file in /bin) that I used to define the action in alert_actions.conf. In the Python file I am using a logger, but it is not creating any log file under the "SPLUNK_HOME/var/log/splunk" directory, whereas I can see log files for some of the adaptive response actions provided by Splunk. Also, when I "Run" my adaptive response action, it should call the custom_alert_action_script defined under the /bin directory, but I guess that is also not happening. I have used the same example as shown here: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBH

Can anyone help me on this? Thank you in advance :)

Upvotes: 0

Views: 219

Answers (2)

Akanksha Sharma

Reputation: 281

I faced a similar issue while working on a small assignment some time back, and the issue was very small in my case.

The add-on should be named depending upon its purpose, as mentioned in this link: http://docs.splunk.com/Documentation/ES/3.3.3/Install/ESArchitecture

So I think your add-on folder name should start with TA (Technology Add-on), and it will work as it worked for me.

Upvotes: 1
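A small check for the two points this thread turns on (the ES add-on naming convention and the bin/ script name matching the alert_actions.conf stanza), added here as an example; it is not code from the thread or from Splunk, and the sample app layout and the action name my_response are constructed.

```python
import configparser
import os
import tempfile

# Add-on type prefixes used by Splunk Enterprise Security (TA = technology add-on).
ES_PREFIXES = ("TA-", "SA-", "DA-")


def check_adaptive_response_app(app_dir):
    """Return a list of problems found in an app that ships an adaptive response action.

    Two checks: the app folder follows the ES naming convention, and every stanza
    in default/alert_actions.conf has a matching bin/<stanza>.py (the script name
    must equal the action name for Splunk to run it).
    """
    problems = []
    app_name = os.path.basename(os.path.normpath(app_dir))
    if not app_name.startswith(ES_PREFIXES):
        problems.append(f"app folder '{app_name}' should start with one of {ES_PREFIXES}")

    conf_path = os.path.join(app_dir, "default", "alert_actions.conf")
    if not os.path.isfile(conf_path):
        problems.append("default/alert_actions.conf is missing")
        return problems

    # Splunk .conf files are INI-style; interpolation is off so '%' in values is safe.
    conf = configparser.ConfigParser(strict=False, interpolation=None)
    conf.read(conf_path)
    for action in conf.sections():
        if not os.path.isfile(os.path.join(app_dir, "bin", f"{action}.py")):
            problems.append(f"stanza [{action}] has no matching bin/{action}.py")
    return problems


def build_sample_app(root, app_name, script_name):
    """Construct a throwaway app layout (sample data, not taken from the thread)."""
    app_dir = os.path.join(root, app_name)
    os.makedirs(os.path.join(app_dir, "bin"))
    os.makedirs(os.path.join(app_dir, "default"))
    with open(os.path.join(app_dir, "default", "alert_actions.conf"), "w") as f:
        f.write("[my_response]\nis_custom = 1\nlabel = My response\n")
    with open(os.path.join(app_dir, "bin", f"{script_name}.py"), "w") as f:
        f.write("import sys\n")
    return app_dir


def demo():
    """A misnamed app with a mismatched script, next to a correctly laid out one."""
    with tempfile.TemporaryDirectory() as root:
        bad = check_adaptive_response_app(build_sample_app(root, "my_app", "other"))
        good = check_adaptive_response_app(build_sample_app(root, "TA-my_app", "my_response"))
    return bad, good
```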

Nitesh Phadatare

Reputation: 325

I made a mistake while creating the adaptive response action. As I was working on it for the first time, I didn't follow the naming convention, which was the reason behind this.

Upvotes: 0
