https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/522334#M9757 <P>I think you've asked this question before.&nbsp; I don't have experience with the SDK so I can't help in that area.</P> Wed, 30 Sep 2020 18:09:22 GMT richgalloway 2020-09-30T18:09:22Z https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/522130#M9752 <P>Hello all,</P><P>I have a requirement to forward events from a search result to an API and store the response from the API call made by an alert action back to a custom index. How can I achieve this. Please help.</P><P>Regards,</P><P>Naresh</P> Wed, 30 Sep 2020 01:23:34 GMT https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/522130#M9752 nareshkumarg 2020-09-30T01:23:34Z https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/522264#M9755 <P>Sounds like you need a custom search command.&nbsp; See&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/8.0.6/Search/Aboutcustomsearchcommands" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.0.6/Search/Aboutcustomsearchcommands</A></P> Wed, 30 Sep 2020 13:30:05 GMT https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/522264#M9755 richgalloway 2020-09-30T13:30:05Z https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/522280#M9756 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/213957">@richgalloway</a>&nbsp;I have built an addon to create an alert action where My API call works. Once the call gets completed the API responds with a JSON data which I want to store on a custom index. Currently, it stores the data by default into the Main index which we don't want to use.</P><P>I used the following code using the Splunk add-on builder to write it but it writes the data into the Main index.</P><P><STRONG>helper.addevent("hello", sourcetype="customsource")</STRONG><BR /><STRONG>helper.addevent("world", sourcetype="customsource")</STRONG><BR /><STRONG>helper.writeevents(index="mycustomindex", host="localhost", source="localhost")</STRONG></P><P>How to proceed further.</P> Wed, 30 Sep 2020 14:28:50 GMT https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/522280#M9756 nareshkumarg 2020-09-30T14:28:50Z https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/522334#M9757 <P>I think you've asked this question before.&nbsp; I don't have experience with the SDK so I can't help in that area.</P> Wed, 30 Sep 2020 18:09:22 GMT https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/522334#M9757 richgalloway 2020-09-30T18:09:22Z https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/522679#M9765 <P>Looks like the only way is to use HEC method to make an API call back to store the data in to an index we want. Kind of a pain but this what I got from Splunk support. I wonder whether Splunk will add this feature OOB on its future version.</P><P>Regards,</P><P>Naresh</P> Fri, 02 Oct 2020 14:52:38 GMT https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/522679#M9765 nareshkumarg 2020-10-02T14:52:38Z https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/665964#M15436 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/215247">@nareshkumarg</a>,</P><P>Did you find a solution to the above? If so, could you please let me know what you found?</P> Tue, 24 Oct 2023 04:24:49 GMT https://community.splunk.com/t5/Alerting/How-to-write-API-results-made-by-splunk-Alert-action-to-a-custom/m-p/665964#M15436 AMAN0113 2023-10-24T04:24:49Z