Solved: Re: Adding custom alert action for launching pytho...

sherkhan6ad6oy · ‎04-26-2022

In short, I have a router with an IP address on a virtual machine, and I need that when I receive a log that one of its interfaces has turned off, a trigger is triggered and my script runs.

test1.py

from netmiko import ConnectHandler

R1 = {
    "device_type": "cisco_ios",
    "host": "R1",
    "ip": "192.168.12.130",
    "username": "admin",
    "password": "admin1"
}

def main():
    commands = ['int fa3/0',
                'no sh'
                ]

    connect = ConnectHandler(**R1)
    connect.enable()
    output = connect.send_config_set(commands)
    print(f"\n\n-------------- Device {R1['ip']} --------------")
    print(output)
    print("-------------------- End -------------------")


if __name__ == '__main__':
    main()

Login to splunk I get, the Add to Triggered Alerts trigger is triggered. But the .py file itself does not run. Checked through ".../splunk.exe cmd python .../test1.py " it starts and works.

alert_actions.conf

[test1]
is_custom = 1
label = Change_interface_state
description = Change_interface_state
icon_path = test1.png

alert.execute.cmd = test1.py

app.conf

[install]
is_configured = 1
state = enabled

[ui]
is_visible = 1
label = test

[launcher]
author = QAZxsw
description = This is custom
version = 1.0.0

test1.html

<from class="from-horizontal from-complex">
    <p>Change state of interface</p>
</from>

Help (._.)

sherkhan6ad6oy · ‎04-30-2022

Hi @Stefanie

We have solved this problem. Moved the root folder with windows python to the splank folder. Now everything works fine, all libraries are available

View solution in original post

Stefanie · ‎04-27-2022

@sherkhan6ad6oy

Are there any messages in the splunkd.log that suggests that the script was not able to be ran?

sherkhan6ad6oy · ‎04-27-2022

Alert script returned error code 1

Stefanie · ‎04-27-2022

Could you try editing alert_actions.conf to include the correct Python version?

python.version = {default|python|python2|python3}
* For Python scripts only, selects which Python version to use.
* Set to either "default" or "python" to use the system-wide default Python
  version.
* Optional.
* Default: Not set; uses the system-wide Python version.

https://docs.splunk.com/Documentation/Splunk/8.2.6/Admin/Alertactionsconf

sherkhan6ad6oy · ‎04-30-2022

Hi @Stefanie

We have solved this problem. Moved the root folder with windows python to the splank folder. Now everything works fine, all libraries are available

sherkhan6ad6oy · ‎04-28-2022

Hello @Stefanie

Unfortunately, the problem will not be solved. Python in the bar works on a different principle. There is an error in the code in the logs, on line N. Importing other libraries is not possible. There is a similar question where the problem was in the import. She decided to import the app to add the numpy library.

Adding custom alert action for launching python script

alert action

Python

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation