https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491773#M84039 <P>thanks , i have read this a lot of times, but i cant resolve the problem.</P> <P>can you help me with this configuration?</P> Fri, 13 Mar 2020 18:25:04 GMT tinpelayee 2020-03-13T18:25:04Z https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491770#M84036 <P>Hello plp, </P> <P>I am making an alert, that export a csv , the problem here is when this .csv is exported, only have rw permissions and i want to have rw-r. I make a script that convert this file with the permissions i want, but is dont working. I have read all the doc of configurating scripted alerts, but i cant resolve this problem. </P> <P>Can anyone helpme? </P> Fri, 13 Mar 2020 17:44:43 GMT https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491770#M84036 tinpelayee 2020-03-13T17:44:43Z https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491771#M84037 <P>Scripted alert action is officially deprecated. Use custom alert action. Check this page to convert scripted action to custom alert action.</P> <P><A href="https://docs.splunk.com/Documentation/Splunk/8.0.2/AdvancedDev/CustomAlertConvertScripted" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.0.2/AdvancedDev/CustomAlertConvertScripted</A></P> <P>Simple steps to create an app for custom alert action:</P> <P><STRONG>Step 1:</STRONG> Create new app script_custom_alert_action and create app.conf and alert_actions.conf like below. Copy configuration files to <STRONG>script_custom_alert_action/default</STRONG>.</P> <P>app.conf</P> <PRE><CODE> [ui] is_visible = 0 label = Scripted Custom Alert Action [launcher] description = Scripted Custom Alert Action [install] state = enabled is_configured = 1 </CODE></PRE> <P>alert_actions.conf</P> <PRE><CODE> [scriptcustomalert] is_custom = 1 label = Scripted Custom Alert Action </CODE></PRE> <P><STRONG>Step 2:</STRONG> Rename your script. <STRONG>Script name must be same as stanza name in alert_actions.conf</STRONG>. Example scriptcustomalert.py or scriptcustomalert.sh. Put it in <STRONG>script_custom_alert_action/bin</STRONG>.</P> <P><STRONG>Step 3:</STRONG> Create default.meta and copy it in <STRONG>script_custom_alert_action/metadata</STRONG>. This enables all users to configure custom alert action for their alerts in any app. </P> <PRE><CODE>[] access = read : [ * ], write : [ admin ] export = system </CODE></PRE> <P><STRONG>Step 4</STRONG>: Deploy app and restart splunk. New action "Scripted Custom Alert Action" will appear in alert action list on UI in alert configurations and you can select it and verify.</P> Wed, 30 Sep 2020 04:34:00 GMT https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491771#M84037 manjunathmeti 2020-09-30T04:34:00Z https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491772#M84038 <P>thanks , i have read this a lot of times, but i cant resolve the problem. </P> <P>can you help me with this configuration? </P> Fri, 13 Mar 2020 18:22:07 GMT https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491772#M84038 tinpelayee 2020-03-13T18:22:07Z https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491773#M84039 <P>thanks , i have read this a lot of times, but i cant resolve the problem.</P> <P>can you help me with this configuration?</P> Fri, 13 Mar 2020 18:25:04 GMT https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491773#M84039 tinpelayee 2020-03-13T18:25:04Z https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491774#M84040 <P>Updated my answer.</P> Fri, 13 Mar 2020 18:38:44 GMT https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491774#M84040 manjunathmeti 2020-03-13T18:38:44Z https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491775#M84041 <P>i can created but my script doesnt change the permissions of the csv <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Fri, 13 Mar 2020 20:02:06 GMT https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491775#M84041 tinpelayee 2020-03-13T20:02:06Z https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491776#M84042 <P>I tested with below python script and it's working. Check with this script.</P> <P><A href="https://github.com/manjunath-meti/myfirstrepo/blob/master/scriptcustomalert.py">scriptcustomalert.py</A></P> <P>Search query I used:</P> <PRE><CODE>index=_internal earliest=-5m | stats count by sourcetype | outputcsv test.csv </CODE></PRE> Sat, 14 Mar 2020 09:35:59 GMT https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491776#M84042 manjunathmeti 2020-03-14T09:35:59Z https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491777#M84043 <P>Thanks Bro, it works!!!! </P> Mon, 16 Mar 2020 12:17:46 GMT https://community.splunk.com/t5/Getting-Data-In/Problem-with-scripted-alert/m-p/491777#M84043 tinpelayee 2020-03-16T12:17:46Z