Hi,
I have created an alert for an event in real-time. For example, send me an alert if a user is not able to log in 3 times.
On the above event, I have created an alert action. Here I want to trigger a custom script.
The purpose of this Python script will be to capture the error message and send it to a different application using key-based authentication.
However, I am not able to fetch the error message.
Using sys.argv gives me the parameters, but the error message is encoded. Can anyone assist me here? How can I extract the error message from the event triggering the alert?
Search results will be part of the "Path to file containing the search results" (arg 8), and you might need to open and read the content of the file in your custom script.
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.6/Alert/Configuringscriptedalerts
Please note that the "run a script" alert action is officially deprecated. Please refer to the documentation below to convert to the custom alert action framework:
https://docs.splunk.com/Documentation/Splunk/8.0.6/AdvancedDev/CustomAlertConvertScripted
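To illustrate the answer above, here is an added example (not from the original post) of a scripted-alert handler that reads the gzipped CSV Splunk passes as argv[8], pulls the messages out of it, and signs the payload with a shared key before handing it to another service. It assumes the results carry the message in a field named `error_message` and that the receiving application checks an HMAC-SHA256 signature over the JSON body; both are assumptions, not Splunk behaviour.

```python
# Added example: read a scripted alert's results file (argv[8], a gzipped CSV),
# extract the message field, and sign the outgoing payload with a shared key.
# Assumptions: field name "error_message"; receiver verifies HMAC-SHA256.
import csv
import gzip
import hashlib
import hmac
import json
import os
import sys
import tempfile

MESSAGE_FIELD = "error_message"  # assumption: field name in the search results

def load_alert_results(path):
    """Return the alert's result rows as dicts; Splunk writes argv[8] as gzipped CSV."""
    with gzip.open(path, "rt", newline="") as fh:
        return list(csv.DictReader(fh))

def extract_messages(rows, field=MESSAGE_FIELD):
    """Collect the non-empty values of the message field, in result order."""
    return [row[field] for row in rows if row.get(field)]

def sign_payload(messages, key):
    """Build the JSON body and its hex HMAC-SHA256 signature for the receiving app."""
    body = json.dumps({"messages": messages}, sort_keys=True).encode("utf-8")
    signature = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, signature

def write_sample_results(directory=None):
    """Constructed sample of what Splunk would hand over for three failed logins."""
    directory = directory or tempfile.mkdtemp()
    path = os.path.join(directory, "results.csv.gz")
    with gzip.open(path, "wt", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=["_time", "user", MESSAGE_FIELD])
        writer.writeheader()
        for ts in ("1700000000", "1700000030", "1700000060"):
            writer.writerow({"_time": ts, "user": "alice",
                             MESSAGE_FIELD: "Login failed for user alice"})
    return path

if __name__ == "__main__":
    # When launched by Splunk, argv[8] is the results file; otherwise use the sample.
    results_path = sys.argv[8] if len(sys.argv) > 8 else write_sample_results()
    msgs = extract_messages(load_alert_results(results_path))
    key = os.environ.get("ALERT_SHARED_KEY", "replace-me").encode("utf-8")  # assumption
    body, sig = sign_payload(msgs, key)
    print(len(msgs), "message(s); signature", sig)
```

The shared key should come from the environment or a Splunk-managed credential rather than being hard-coded in the script.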