Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can you add your own custom alert action?

Lowell
Super Champion
‎05-28-2010 07:47 PM

There are a number of existing alerting conditions provided out of the box, such as populate_lookup, rss, email, and so on. I noticed that these are all defined in alert_actions.conf, so that begs the question: Is it possible to simply add your own custom alerting action by adding an appropriate config entry?

It looks like you would have to write your own custom search command to correspond to a new alert action, but that's not too difficult.

Does Splunk intended this as a feature, or is is merely to be used internally for Splunk's own stuff?

What are the permissions considerations? Is it basically who ever can execute the associated search command can also use the alerting action that calls it?

Reply

Lowell
Super Champion
‎08-27-2010 01:50 PM

Yes, you can create your own custom alert action. I've published an app on splunk base, which can serve as an example:

http://www.splunkbase.com/apps/All/4.x/Add-On/app:RunSavedSearch+alert+action

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎05-29-2010 01:36 AM

Maybe you could, but why would you? You can already pipe to a script or call a script based on an alert. You don't get any new UI or anything, just more files to do the same thing.

Reply

Lowell
Super Champion
‎05-29-2010 03:27 AM

I'm attempting to answer my own question: http://answers.splunk.com/questions/3099/can-one-scheduled-saved-search-trigger-another-saved-search

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...