https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92060#M1285 <P>We are using a Perl script to create tickets when a given event meets a certain threshold. How can we include the results of the search in the ticket? This seems like it should be pretty easy, but darned if I can figure out how to get at that data. Otherwise, all we have is a ticket with a link to the search we have to click on to get at the information we seek.</P> <P>Thanks.</P> Fri, 29 Apr 2011 14:29:11 GMT netwrkr 2011-04-29T14:29:11Z https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92060#M1285 <P>We are using a Perl script to create tickets when a given event meets a certain threshold. How can we include the results of the search in the ticket? This seems like it should be pretty easy, but darned if I can figure out how to get at that data. Otherwise, all we have is a ticket with a link to the search we have to click on to get at the information we seek.</P> <P>Thanks.</P> Fri, 29 Apr 2011 14:29:11 GMT https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92060#M1285 netwrkr 2011-04-29T14:29:11Z https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92061#M1286 <P>Check this out :</P> <P><A href="http://www.splunk.com/wiki/Community:Use_Splunk_alerts_with_scripts_to_create_a_ticket_in_your_ticketing_system" target="_blank">http://www.splunk.com/wiki/Community:Use_Splunk_alerts_with_scripts_to_create_a_ticket_in_your_ticketing_system</A></P> Mon, 28 Sep 2020 09:30:49 GMT https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92061#M1286 JSapienza 2020-09-28T09:30:49Z https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92062#M1287 <P>been there, done that. It doesn't include the <EM>results</EM>.</P> Fri, 29 Apr 2011 14:42:17 GMT https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92062#M1287 netwrkr 2011-04-29T14:42:17Z https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92063#M1288 <P>Then it might be the way you are handling the variables. That example was Bash, so $1, $2 etc are defined as positional parameters passed to the script. This would be represented differently in Perl. My Perl skills are not that great , but if I'm not mistaken they would be something like $ARGV[1],$ARGV[2], etc.</P> Fri, 29 Apr 2011 14:57:14 GMT https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92063#M1288 JSapienza 2011-04-29T14:57:14Z https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92064#M1289 <P>Which of the available variables will give me the results of the search? Not the fact the alert fired but the OUTPUT of the search.</P> Fri, 29 Apr 2011 17:59:51 GMT https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92064#M1289 netwrkr 2011-04-29T17:59:51Z https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92065#M1290 <P>I use an email alert for grabbing the full search result to send to our ticketing system. Some of my alrets send the results as a pdf. This was simple and cleaner to interface with CA's service desk application. </P> <P>I think you would have to cat $8 , but I bet its format is a not very pretty since it contains raw results</P> <P>$8= File where the results for this search are stored (contains raw results)</P> Fri, 29 Apr 2011 18:25:55 GMT https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92065#M1290 JSapienza 2011-04-29T18:25:55Z https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92066#M1291 <P>From the link in my answer post:<BR /><BR /> $8 = path to a file where raw results of this search are located (as opposed to passing the actual results into the ticket--this could be a lot of data).</P> Fri, 29 Apr 2011 18:29:17 GMT https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92066#M1291 JSapienza 2011-04-29T18:29:17Z https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92067#M1292 <P>Have you had any luck with this? I am looking at the same thing.</P> Wed, 20 Mar 2013 13:54:49 GMT https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92067#M1292 dcparker 2013-03-20T13:54:49Z https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92068#M1293 <P>Do there is no other way to get the raw data, and read them manually in the script <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span><BR /> In which form are they stored ?</P> Mon, 04 Aug 2014 11:31:09 GMT https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92068#M1293 sbsbb 2014-08-04T11:31:09Z https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92069#M1294 <P>I've found something interesting there... <BR /> <A href="https://github.com/georgestarcher/Splunk-Alert/blob/master/targetlist.py">https://github.com/georgestarcher/Splunk-Alert/blob/master/targetlist.py</A><BR /> <A href="http://www.georgestarcher.com/splunk-alert-scripts-automating-control/">http://www.georgestarcher.com/splunk-alert-scripts-automating-control/</A></P> <P>The splunk doc is really missing some examples...</P> Mon, 04 Aug 2014 14:08:56 GMT https://community.splunk.com/t5/Alerting/output-results-in-script/m-p/92069#M1294 sbsbb 2014-08-04T14:08:56Z