topic Re: How to create a custom alert action Python script with parameters from search results? in Splunk Dev https://community.splunk.com/t5/Splunk-Dev/How-to-create-a-custom-alert-action-Python-script-with/m-p/643844#M11057 <P>Hi,</P><P>I saw that you send 10 events to alert action but you just get one event in result. Is there any way that we can capture all 10 events?</P> Thu, 18 May 2023 23:15:46 GMT vietlq414 2023-05-18T23:15:46Z How to create a custom alert action Python script with parameters from search results? https://community.splunk.com/t5/Splunk-Dev/How-to-create-a-custom-alert-action-Python-script-with/m-p/467048#M8420 <P>Hi, I tried to create a custom alert action that operates a script, but I didn't understand how to send parameters from the search results to the script.</P> <P>For example: a script that checks Windows version for every IP address in the search results. How do I send the results to my script? What do I have to put in alert_actions.conf and in my script?</P> <P>Please try to explain instead of just sending links to Splunk Docs, I read these and still didn't find my answer.</P> <P>Thanks</P> Wed, 17 Jun 2020 20:55:29 GMT https://community.splunk.com/t5/Splunk-Dev/How-to-create-a-custom-alert-action-Python-script-with/m-p/467048#M8420 agentsofshield 2020-06-17T20:55:29Z Re: How to create a custom alert action Python script with parameters from search results? https://community.splunk.com/t5/Splunk-Dev/How-to-create-a-custom-alert-action-Python-script-with/m-p/467049#M8421 <P>Hi,</P> <P>The results of your SPL search are passed to your custom alert action script from stdin as json format. <BR /> This example will create a file testResult.txt within bin directory.. you can check out the json there..</P> <PRE><CODE>from __future__ import print_function from future import standard_library standard_library.install_aliases() import sys, json, urllib.request, urllib.error, urllib.parse if __name__ == "__main__": if len(sys.argv) &lt; 2 or sys.argv[1] != "--execute": print("FATAL Unsupported execution mode (expected --execute flag)", file=sys.stderr) sys.exit(1) else: #settings = json.loads(sys.stdin.read()) result = sys.stdin.read() settings = json.loads(result) file = open("testResult.txt", "w") file.write(result) file.close() print("here we go", settings) sys.exit(0) </CODE></PRE> <P>resulting json for search:<BR /> index=_internal | head 10 | rename host as testhost sourcetype as testsourcetype source as testsource | table testhost testsourcetype testsource</P> <P>{"app":"search"...","<STRONG>result":{"testhost":"hostname","testsourcetype":"splunkd_ui_access","testsource":"/Users/andreas/splunk/var/log/splunk/splunkd_ui_access.log"</STRONG>}}</P> Wed, 30 Sep 2020 02:02:32 GMT https://community.splunk.com/t5/Splunk-Dev/How-to-create-a-custom-alert-action-Python-script-with/m-p/467049#M8421 schose 2020-09-30T02:02:32Z Re: How to create a custom alert action Python script with parameters from search results? https://community.splunk.com/t5/Splunk-Dev/How-to-create-a-custom-alert-action-Python-script-with/m-p/643844#M11057 <P>Hi,</P><P>I saw that you send 10 events to alert action but you just get one event in result. Is there any way that we can capture all 10 events?</P> Thu, 18 May 2023 23:15:46 GMT https://community.splunk.com/t5/Splunk-Dev/How-to-create-a-custom-alert-action-Python-script-with/m-p/643844#M11057 vietlq414 2023-05-18T23:15:46Z