https://community.splunk.com/t5/Alerting/How-to-create-a-python-script-that-generates-an-alert-if-the/m-p/133826#M2133 <P>How are you calling this script? Is it through scripted input? I have similar requirement. Please help. </P> Sun, 04 Jun 2017 08:57:12 GMT k_harini 2017-06-04T08:57:12Z https://community.splunk.com/t5/Alerting/How-to-create-a-python-script-that-generates-an-alert-if-the/m-p/133824#M2131 <P>Hi, </P> <P>I'm new to splunk sdk so, forgive me if my question is obvious.<BR /> I'm trying to create a python script that runs a search job every minutes and give an alert if the number of events is 0.</P> <P>I'm starting with the connection: </P> <PRE><CODE>import splunklib.client as client HOST = "localhost" PORT = 8089 USERNAME = "admin" PASSWORD = "changeme" //Create a Service instance and log in service = client.connect( host=HOST, port=PORT, username=USERNAME, password=PASSWORD) myquery = "*" mysearchname = "hello" //Check if this already exist //mysavedsearch = service.saved_searches.create(mysearchname, myquery) mysavedsearch = service.saved_searches["hello"] kwargs = {"description": "This is a test search", "is_scheduled": True, "cron_schedule": "*/5 * * * * ",} mysavedsearch.update(**kwargs).refresh() print "Description: ", mysavedsearch["description"] print "Is scheduled: ", mysavedsearch["is_scheduled"] print "Cron schedule: ", mysavedsearch["cron_schedule"] print "Next scheduled time: ", mysavedsearch["next_scheduled_time"] </CODE></PRE> <P>Ok but how do I set the parameters of the alert? <BR /> Could someone confirm if this is correct?</P> <P>Thank you in advance</P> Mon, 09 Feb 2015 15:23:35 GMT https://community.splunk.com/t5/Alerting/How-to-create-a-python-script-that-generates-an-alert-if-the/m-p/133824#M2131 Federica_92 2015-02-09T15:23:35Z https://community.splunk.com/t5/Alerting/How-to-create-a-python-script-that-generates-an-alert-if-the/m-p/133825#M2132 <P>In the end, this is my code and work </P> <PRE><CODE>import splunklib.client as client HOST = "localhost" PORT = 8089 USERNAME = "admin" PASSWORD = "changeme" # Create a Service instance and log in service = client.connect( host=HOST, port=PORT, username=USERNAME, password=PASSWORD) # Variables myquery = "index=main | transaction dc(host) by host" mysearchname = "h1" a=0 # Create the search savedsearches = service.saved_searches for savedsearch in savedsearches: if (savedsearch.name=="h1"): a=1 if a==0: mysavedsearch = service.saved_searches.create(mysearchname, myquery) # Edit the search mysavedsearch = service.saved_searches["h1"] kwargs = {"description": "This is a search", "is_scheduled": True, "cron_schedule": "*/1 * * * * ", "alert.track":1, "alert_comparator":"greater than", "alert_type":"number of events", "alert_threshold":0, "alert.severity":5, } mysavedsearch.update(**kwargs).refresh() print "Description: ", mysavedsearch["description"] print "Is scheduled: ", mysavedsearch["is_scheduled"] print "Cron schedule: ", mysavedsearch["cron_schedule"] print "Next scheduled time: ", mysavedsearch["next_scheduled_time"] print "Alert track ", mysavedsearch["alert.track"] </CODE></PRE> Tue, 10 Feb 2015 12:34:06 GMT https://community.splunk.com/t5/Alerting/How-to-create-a-python-script-that-generates-an-alert-if-the/m-p/133825#M2132 Federica_92 2015-02-10T12:34:06Z https://community.splunk.com/t5/Alerting/How-to-create-a-python-script-that-generates-an-alert-if-the/m-p/133826#M2133 <P>How are you calling this script? Is it through scripted input? I have similar requirement. Please help. </P> Sun, 04 Jun 2017 08:57:12 GMT https://community.splunk.com/t5/Alerting/How-to-create-a-python-script-that-generates-an-alert-if-the/m-p/133826#M2133 k_harini 2017-06-04T08:57:12Z