Re: Custom Script to capture splunk alert message

saurabhray25 · ‎09-03-2020

Hi,

I have created an alert for an event in real-time. For example, send me an alert if a user is not able to log in 3 times.

On the above event, I have created an alert action. Here I want to trigger a custom script.

The purpose of this Python script will be to capture the error message and send it to a different application using Key Based authentication.

However, I am not able to fetch the error message.

Using sys.argv gives me the parameters but the error message is encoded. Can anyone assist me here, how can I extract the error message from the event triggering the alert?

renjith_nair · ‎09-06-2020

Search results will be part of the "Path to file containing the search results" (arg 8 ) and you might need to open and read the content of the file in your custom script.

Reference : https://docs.splunk.com/Documentation/Splunk/8.0.6/Alert/Configuringscriptedalerts

Please note that the run a script alert action is deprecated officially. Please refer to the below documentation to convert to Custom alert action framework

https://docs.splunk.com/Documentation/Splunk/8.0.6/AdvancedDev/CustomAlertConvertScripted

---
What goes around comes around. If it helps, hit it with Karma 🙂

Custom Script to capture splunk alert message

alert action

alert condition

python

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?