Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Alerting
- :
- Adding custom alert action for launching python sc...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In short, I have a router with an IP address on a virtual machine, and I need that when I receive a log that one of its interfaces has turned off, a trigger is triggered and my script runs.
test1.py
from netmiko import ConnectHandler
R1 = {
"device_type": "cisco_ios",
"host": "R1",
"ip": "192.168.12.130",
"username": "admin",
"password": "admin1"
}
def main():
commands = ['int fa3/0',
'no sh'
]
connect = ConnectHandler(**R1)
connect.enable()
output = connect.send_config_set(commands)
print(f"\n\n-------------- Device {R1['ip']} --------------")
print(output)
print("-------------------- End -------------------")
if __name__ == '__main__':
main()
Login to splunk I get, the Add to Triggered Alerts trigger is triggered. But the .py file itself does not run. Checked through ".../splunk.exe cmd python .../test1.py " it starts and works.
alert_actions.conf
[test1]
is_custom = 1
label = Change_interface_state
description = Change_interface_state
icon_path = test1.png
alert.execute.cmd = test1.py
app.conf
[install]
is_configured = 1
state = enabled
[ui]
is_visible = 1
label = test
[launcher]
author = QAZxsw
description = This is custom
version = 1.0.0
test1.html
<from class="from-horizontal from-complex">
<p>Change state of interface</p>
</from>
Help (._.)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Stefanie
We have solved this problem. Moved the root folder with windows python to the splank folder. Now everything works fine, all libraries are available
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are there any messages in the splunkd.log that suggests that the script was not able to be ran?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Alert script returned error code 1- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you try editing alert_actions.conf to include the correct Python version?
python.version = {default|python|python2|python3}
* For Python scripts only, selects which Python version to use.
* Set to either "default" or "python" to use the system-wide default Python
version.
* Optional.
* Default: Not set; uses the system-wide Python version.
https://docs.splunk.com/Documentation/Splunk/8.2.6/Admin/Alertactionsconf
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Stefanie
We have solved this problem. Moved the root folder with windows python to the splank folder. Now everything works fine, all libraries are available
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Stefanie
Unfortunately, the problem will not be solved. Python in the bar works on a different principle. There is an error in the code in the logs, on line N. Importing other libraries is not possible. There is a similar question where the problem was in the import. She decided to import the app to add the numpy library.
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
Data Persistence in the OpenTelemetry Collector
Thanks for the Memories! Splunk University, .conf25, and our Community
