topic Re: Splunk python script trap issue in Splunk Dev https://community.splunk.com/t5/Splunk-Dev/Splunk-python-script-trap-issue/m-p/406393#M7006 <P>Are you using Splunk Enterprise Security and referring to notables/incidents? is your python script is a modalert adaptive response based? Have you looked at using Add-on-Builder app to create your alert?</P> Tue, 26 Feb 2019 09:59:07 GMT lakshman239 2019-02-26T09:59:07Z Splunk python script trap issue https://community.splunk.com/t5/Splunk-Dev/Splunk-python-script-trap-issue/m-p/406392#M7005 <P>IN my environment i am using python script to sent trap .please find the script below ...<BR /> Script is working fine using this i am able to generate the incident through tool.<BR /> For my concern is i have received only one source detail in the incident.<BR /> i need all the source details what ever available in the column need to sent in trap server .</P> <P>Please help any one...</P> <PRE><CODE>import os import csv import gzip import subprocess import shlex os.chdir(os.path.dirname(__file__)) if __name__ == "__main__": #Read the environment variables that Splunk has passed to us scriptName = os.environ['SPLUNK_ARG_0'] numberEventsReturned = os.environ['SPLUNK_ARG_1'] searchTerms = os.environ['SPLUNK_ARG_2'] queryString = os.environ['SPLUNK_ARG_3'] searchName = os.environ['SPLUNK_ARG_4'] triggerReason = os.environ['SPLUNK_ARG_5'] browserUrl = os.environ['SPLUNK_ARG_6'] rawEventsFile = os.environ['SPLUNK_ARG_8'] #file where you want to write the content logFile = open('D:\Splunk\splunk_alert_events.txt', 'a') #We got the file name from the envioenment vars eventFile = csv.reader(gzip.open(rawEventsFile, 'rb')) #logFile.write(eventFile) i=0 for row in eventFile: if i==0: i+=1 else: myhost=row[2] source=row[3] sourcetype=row[1] logFile.write(myhost + "\n") logFile.write(browserUrl + "\n") logFile.write(scriptName + "\n") logFile.write("queryString" + "\n") logFile.close() logFile = open('D:\Splunk\splunk_alert_trapsDC.txt', 'a') proc = subprocess.Popen(['C:\Windows\System32\VivekB.exe','-d', '10.182.73.70','-v', '1.3.6.1.4.1.4842.200.1.0','STRING',myhost,'-v', '1.3.6.1.4.1.4842.200.1.1','STRING',source,'-v', '1.3.6.1.4.1.4842.200.1.2','STRING',browserUrl,'-v', '1.3.6.1.4.1.4842.200.1.3','STRING',sourcetype,'-v', '1.3.6.1.4.1.4842.200.1.4','STRING',scriptName,'-v', '1.3.6.1.4.1.4842.200.1.5','STRING',queryString,'-v', '1.3.6.1.4.1.4842.200.1.6','STRING',searchName,'-v', '1.3.6.1.4.1.4842.200.1.7','STRING',triggerReason],shell=False) logFile.write(proc + "\n") logFile.close() logFile = open('D:\Splunk\splunk_alert_trapsDR.txt', 'a') prog = subprocess.Popen(['C:\Windows\System32\VivekB.exe','-d', '10.182.73.164','-v', '1.3.6.1.4.1.4842.200.1.0','STRING',myhost,'-v', '1.3.6.1.4.1.4842.200.1.1','STRING',source,'-v', '1.3.6.1.4.1.4842.200.1.2','STRING',browserUrl,'-v', '1.3.6.1.4.1.4842.200.1.3','STRING',sourcetype,'-v', '1.3.6.1.4.1.4842.200.1.4','STRING',scriptName,'-v', '1.3.6.1.4.1.4842.200.1.5','STRING',queryString,'-v', '1.3.6.1.4.1.4842.200.1.6','STRING',searchName,'-v', '1.3.6.1.4.1.4842.200.1.7','STRING',triggerReason],shell=False) logFile.write(prog + "\n") logFile.close() </CODE></PRE> Sun, 24 Feb 2019 06:32:05 GMT https://community.splunk.com/t5/Splunk-Dev/Splunk-python-script-trap-issue/m-p/406392#M7005 satkan100 2019-02-24T06:32:05Z Re: Splunk python script trap issue https://community.splunk.com/t5/Splunk-Dev/Splunk-python-script-trap-issue/m-p/406393#M7006 <P>Are you using Splunk Enterprise Security and referring to notables/incidents? is your python script is a modalert adaptive response based? Have you looked at using Add-on-Builder app to create your alert?</P> Tue, 26 Feb 2019 09:59:07 GMT https://community.splunk.com/t5/Splunk-Dev/Splunk-python-script-trap-issue/m-p/406393#M7006 lakshman239 2019-02-26T09:59:07Z