Difference between script alert action and custom alert action

rhobby
New Member

What exactly is the difference between a script alert action and a custom alert action?

On http://docs.splunk.com/Documentation/Splunk/6.5.0/Alert/ConfiguringScriptedAlerts I can read that script alert actions are deprecated.

If I have a script alert action, what is the way to create a custom alert action?

Best wishes,

Robert

0 Karma
1 Solution

rpille_splunk
Splunk Employee

Scripted alerts, now deprecated, were alerts that triggered scripts to run. Custom alert actions have replaced them and can do the same and more, with a better user experience. If you have a scripted alert that you want to convert, try following these docs to create an alert action using the script you already have. http://docs.splunk.com/Documentation/Splunk/6.5.1/AdvancedDev/ModAlertsIntro


0 Karma


rhobby
New Member

Thank you for your answer.

I tried to follow these steps. I have a script that tries to fetch the environment variables SPLUNK_ARG_X.

In the custom alert action they seem to be nonexistent. Unfortunately, in the link you provided, there is no mention of these variables.

Is it still possible to use these variables?

0 Karma

oddsve
New Member

It is documented in the following page here: http://docs.splunk.com/Documentation/Splunk/6.6.3/AdvancedDev/CustomAlertConvertScripted

"For custom alert actions, use configuration file parameters to access and pass values to the configuration payload that the alert action receives."
Meaning you can't use SPLUNK_ARG_X arguments; these need to be called upon from a configuration file.

0 Karma
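An added example (not from the thread or from Splunk) of how a converted script can read the values it used to take from SPLUNK_ARG_X out of the configuration payload instead. It assumes the script is started with `--execute` and receives a JSON payload on stdin with the fields `search_name`, `results_link`, `results_file`, `session_key` and `configuration`; the `result_count` parameter and the SPLUNK_ARG mapping are assumptions for illustration, and the sample payload is constructed.

```python
import json
import sys

# Constructed sample payload; every value here is made up for this example.
SAMPLE = {
    "search_name": "Failed logins",
    "results_file": "/opt/splunk/var/run/splunk/dispatch/example/results.csv.gz",
    "results_link": "https://splunk.example.com/app/search/@go?sid=example",
    "session_key": "constructed-secret-value",
    # Hypothetical alert_actions.conf line: param.result_count = $job.resultCount$
    "configuration": {"result_count": "3"},
}

# Legacy variable -> path into the payload (assumed mapping, adjust to your script).
LEGACY_PATHS = {
    "SPLUNK_ARG_1": ("configuration", "result_count"),
    "SPLUNK_ARG_4": ("search_name",),
    "SPLUNK_ARG_6": ("results_link",),
    "SPLUNK_ARG_8": ("results_file",),
}

def legacy_args(payload):
    """Return the values the old script read from SPLUNK_ARG_n (None if absent)."""
    out = {}
    for name, path in LEGACY_PATHS.items():
        node = payload
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
        out[name] = node
    return out

def redacted(payload):
    """Copy of the payload that is safe to log: the session key is masked."""
    return {k: "<redacted>" if k == "session_key" else v for k, v in payload.items()}

def main(argv, stdin):
    if argv[1:2] != ["--execute"]:
        return 2  # not invoked as an alert action
    try:
        payload = json.loads(stdin.read())
    except ValueError:
        return 3  # payload is not valid JSON
    if not isinstance(payload, dict):
        return 3
    print(json.dumps(redacted(payload)), file=sys.stderr)  # log without the key
    print(json.dumps(legacy_args(payload)))  # values the old script expected
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv, sys.stdin))
```

Masking `session_key` before logging keeps the alert's session credential out of log files.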

jef152
Explorer

I'm also looking for how to get the environment variables into my alert action script. Has anyone had success with this?

0 Karma