https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-python/m-p/322664#M5727 <P>hi all, we are using the python script below to pass a JSON structure from an Splunk alert.<BR /> I need to pass 2 more custom strings but I am not sure how.<BR /> Inside a Splunk alert I have the "Description" field which I could use to type my custom string but how do I pass that down to the script as an argument?<BR /> Also, I would need to pass the 2nd custom string as another argument. How do I do that?<BR /> Here is my python script:</P> <PRE><CODE>import json import requests import sys import pprint url = 'http://10.10.10.10:8080/api/2.0/ICTAPIHandlers/JSON.php' if len (sys.argv) != 9 : print("Usage: python ict.py count terms query name reason url tags path") sys.exit (1) searchCount = sys.argv[1] # $1 - Number of events returned searchTerms = sys.argv[2] # $2 - Search terms searchQuery = sys.argv[3] # $3 - Fully qualified query string searchName = sys.argv[4] # $4 - Name of saved search searchReason = sys.argv[5] # $5 - Reason saved search triggered searchURL = sys.argv[6] # $6 - URL/Permalink of saved search searchTags = sys.argv[7] # $7 - Always empty as of 4.1 searchPath = sys.argv[8] # $8 - Path to raw saved results in Splunk instance (advanced) data = {"searchCount":searchCount, "searchTerms":searchTerms, "searchQuery":searchQuery, "searchName":searchName, "searchReason":searchReason, "searchURL":searchURL,"searchTags":searchTags,"searchPath":searchPath } data_json = json.dumps(data) headers = {'Content-type': 'application/json'} response = requests.post(url, data=data_json, headers=headers) pprint.pprint(response.json()) pprint.pprint(response.json()['json']) </CODE></PRE> <P>Thank you</P> Tue, 30 May 2017 20:02:07 GMT maximusdm 2017-05-30T20:02:07Z https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-python/m-p/322664#M5727 <P>hi all, we are using the python script below to pass a JSON structure from an Splunk alert.<BR /> I need to pass 2 more custom strings but I am not sure how.<BR /> Inside a Splunk alert I have the "Description" field which I could use to type my custom string but how do I pass that down to the script as an argument?<BR /> Also, I would need to pass the 2nd custom string as another argument. How do I do that?<BR /> Here is my python script:</P> <PRE><CODE>import json import requests import sys import pprint url = 'http://10.10.10.10:8080/api/2.0/ICTAPIHandlers/JSON.php' if len (sys.argv) != 9 : print("Usage: python ict.py count terms query name reason url tags path") sys.exit (1) searchCount = sys.argv[1] # $1 - Number of events returned searchTerms = sys.argv[2] # $2 - Search terms searchQuery = sys.argv[3] # $3 - Fully qualified query string searchName = sys.argv[4] # $4 - Name of saved search searchReason = sys.argv[5] # $5 - Reason saved search triggered searchURL = sys.argv[6] # $6 - URL/Permalink of saved search searchTags = sys.argv[7] # $7 - Always empty as of 4.1 searchPath = sys.argv[8] # $8 - Path to raw saved results in Splunk instance (advanced) data = {"searchCount":searchCount, "searchTerms":searchTerms, "searchQuery":searchQuery, "searchName":searchName, "searchReason":searchReason, "searchURL":searchURL,"searchTags":searchTags,"searchPath":searchPath } data_json = json.dumps(data) headers = {'Content-type': 'application/json'} response = requests.post(url, data=data_json, headers=headers) pprint.pprint(response.json()) pprint.pprint(response.json()['json']) </CODE></PRE> <P>Thank you</P> Tue, 30 May 2017 20:02:07 GMT https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-python/m-p/322664#M5727 maximusdm 2017-05-30T20:02:07Z https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-python/m-p/322665#M5728 <P>See my unaccepted answer here:</P> <P><A href="https://answers.splunk.com/answers/41949/passing-search-results-to-external-python-script.html">https://answers.splunk.com/answers/41949/passing-search-results-to-external-python-script.html</A></P> Tue, 30 May 2017 21:47:45 GMT https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-python/m-p/322665#M5728 woodcock 2017-05-30T21:47:45Z https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-python/m-p/322666#M5729 <P>sorry but I didnt understand that post. Bear in mind that the 2 extra custom strings I need, I am trying to type them somewhere inside the alert and pass as a argument.<BR /> If that is not possible I could pull that info from a static file but that would only appear in the results of the query. I am new to Splunk; it is still a black box for me. Thanks.</P> Wed, 31 May 2017 14:30:36 GMT https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-python/m-p/322666#M5729 maximusdm 2017-05-31T14:30:36Z https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-python/m-p/322667#M5730 <P>My answer does exactly that. It is a complete walk-through. Just give the code a try.</P> Tue, 20 Jun 2017 15:33:53 GMT https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-python/m-p/322667#M5730 woodcock 2017-06-20T15:33:53Z