https://community.splunk.com/t5/Splunk-Search/Using-Splunk-as-a-real-time-event-detection-engine/m-p/24221#M177507 <P>Sorry reading it on my phone, overlooked the actual question. Yes that should be no problem. You can script with pretty much anything. I generally use python or bash but to each his/her own. :). We often use external alerting to send an ip to a firewall to be dropped or to update a blacklist, etc. Same principle. </P> Mon, 05 Aug 2013 01:30:31 GMT billford 2013-08-05T01:30:31Z https://community.splunk.com/t5/Splunk-Search/Using-Splunk-as-a-real-time-event-detection-engine/m-p/24218#M177504 <P>Hi,</P> <P>I have a requirement for an event detection engine which is able to identify a string (e.g. username) in a particular data source and 'notify' other systems that the event has occurred.</P> <P>I appreciate the inherent flexibility Splunk has by allowing Scripts to be used in conjunction with Alerts to achive this, but i wanted to see if anyone is using Splunk within a large enterprise Production environment as an event detection engine (instead of just a data visualisation tool)?</P> <P>Once the event has occurred, Splunk will need to 'notify' other systems by sending a JMS message to one system and updating a database table in another system. How suitable is the scripting capability in Splunk for run-time requirements like this?</P> <P>Cheers, <BR /> James.</P> Mon, 05 Aug 2013 01:10:47 GMT https://community.splunk.com/t5/Splunk-Search/Using-Splunk-as-a-real-time-event-detection-engine/m-p/24218#M177504 jsash1 2013-08-05T01:10:47Z https://community.splunk.com/t5/Splunk-Search/Using-Splunk-as-a-real-time-event-detection-engine/m-p/24219#M177505 <P>Yes. All the time. What is your specific question? </P> Mon, 05 Aug 2013 01:24:07 GMT https://community.splunk.com/t5/Splunk-Search/Using-Splunk-as-a-real-time-event-detection-engine/m-p/24219#M177505 billford 2013-08-05T01:24:07Z https://community.splunk.com/t5/Splunk-Search/Using-Splunk-as-a-real-time-event-detection-engine/m-p/24220#M177506 <P>Once the event has occurred, Splunk will need to 'notify' other systems by sending a JMS message to one system and updating a database table in another system. How suitable is the scripting capability in Splunk for run-time requirements like this?</P> Mon, 05 Aug 2013 01:26:15 GMT https://community.splunk.com/t5/Splunk-Search/Using-Splunk-as-a-real-time-event-detection-engine/m-p/24220#M177506 jsash1 2013-08-05T01:26:15Z https://community.splunk.com/t5/Splunk-Search/Using-Splunk-as-a-real-time-event-detection-engine/m-p/24221#M177507 <P>Sorry reading it on my phone, overlooked the actual question. Yes that should be no problem. You can script with pretty much anything. I generally use python or bash but to each his/her own. :). We often use external alerting to send an ip to a firewall to be dropped or to update a blacklist, etc. Same principle. </P> Mon, 05 Aug 2013 01:30:31 GMT https://community.splunk.com/t5/Splunk-Search/Using-Splunk-as-a-real-time-event-detection-engine/m-p/24221#M177507 billford 2013-08-05T01:30:31Z