Alerting

Configure a script as alert action for each result ip and send email

orca
Explorer

1. I have an alert scheduled to run every hour to get updated list of IPs of public nodes.

2. I need to run the script against each result IP and if output=success, I need to send email to specific DL to identify potential hacking activity from the IP.

possible? Can we measure the output of script execution and send email in same Alert action OR I should create the script to test the result and send email also from the script?

Any pointers or am i missing something?

Labels (1)
0 Karma
1 Solution

manjunathmeti
SplunkTrust
SplunkTrust

You can convert that script to a custom search command and use the inbuilt email alert action to send emails.

https://dev.splunk.com/enterprise/docs/devtools/customsearchcommands/createcustomsearchcmd/

If this reply helps you, an upvote/like would be appreciated.

View solution in original post

manjunathmeti
SplunkTrust
SplunkTrust

You can convert that script to a custom search command and use the inbuilt email alert action to send emails.

https://dev.splunk.com/enterprise/docs/devtools/customsearchcommands/createcustomsearchcmd/

If this reply helps you, an upvote/like would be appreciated.

Get Updates on the Splunk Community!

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

You asked, we delivered. Splunk Observability Cloud has several new innovations giving you deeper visibility ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...