1. I have an alert scheduled to run every hour to get updated list of IPs of public nodes.
2. I need to run the script against each result IP and if output=success, I need to send email to specific DL to identify potential hacking activity from the IP.
possible? Can we measure the output of script execution and send email in same Alert action OR I should create the script to test the result and send email also from the script?
Any pointers or am i missing something?
You can convert that script to a custom search command and use the inbuilt email alert action to send emails.https://dev.splunk.com/enterprise/docs/devtools/customsearchcommands/createcustomsearchcmd/
If this reply helps you, an upvote/like would be appreciated.
View solution in original post