Alerting

Adding custom alert action for launching python script

sherkhan6ad6oy
Explorer

In short, I have a router with an IP address on a virtual machine, and I need that when I receive a log that one of its interfaces has turned off, a trigger is triggered and my script runs.

test1.py

from netmiko import ConnectHandler

R1 = {
"device_type": "cisco_ios",
"host": "R1",
"ip": "192.168.12.130",
"username": "admin",
"password": "admin1"
}

def main():
commands = ['int fa3/0',
'no sh'
]

connect = ConnectHandler(**R1)
connect.enable()
output = connect.send_config_set(commands)
print(f"\n\n-------------- Device {R1['ip']} --------------")
print(output)
print("-------------------- End -------------------")


if __name__ == '__main__':
main()

 

Login to splunk I get, the Add to Triggered Alerts trigger is triggered. But the .py file itself does not run. Checked through ".../splunk.exe cmd python .../test1.py " it starts and works.

alert_actions.conf

[test1]
is_custom = 1
label = Change_interface_state
description = Change_interface_state
icon_path = test1.png

alert.execute.cmd = test1.py



app.conf

[install]
is_configured = 1
state = enabled

[ui]
is_visible = 1
label = test

[launcher]
author = QAZxsw
description = This is custom
version = 1.0.0

 

test1.html

<from class="from-horizontal from-complex">
<p>Change state of interface</p>
</from>

 

 

Help (._.)

Labels (2)
0 Karma
1 Solution

sherkhan6ad6oy
Explorer

Hi @Stefanie 

We have solved this problem. Moved the root folder with windows python to the splank folder. Now everything works fine, all libraries are available

View solution in original post

0 Karma

Stefanie
Builder

@sherkhan6ad6oy 

Are there any messages in the splunkd.log that suggests that the script was not able to be ran? 

sherkhan6ad6oy
Explorer
Alert script returned error code 1
0 Karma

Stefanie
Builder

Could you try editing alert_actions.conf to include the correct Python version?

 

 

python.version = {default|python|python2|python3}
* For Python scripts only, selects which Python version to use.
* Set to either "default" or "python" to use the system-wide default Python
  version.
* Optional.
* Default: Not set; uses the system-wide Python version.

 

 

https://docs.splunk.com/Documentation/Splunk/8.2.6/Admin/Alertactionsconf

0 Karma

sherkhan6ad6oy
Explorer

Hi @Stefanie 

We have solved this problem. Moved the root folder with windows python to the splank folder. Now everything works fine, all libraries are available

0 Karma

sherkhan6ad6oy
Explorer

Hello @Stefanie 

Unfortunately, the problem will not be solved. Python in the bar works on a different principle. There is an error in the code in the logs, on line N. Importing other libraries is not possible. There is a similar question where the problem was in the import. She decided to import the app to add the numpy library.

0 Karma
Get Updates on the Splunk Community!

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...