Alerting
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Difference between script alert action and custom alert action

rhobby
New Member
‎11-21-2016 04:12 AM

What is exactly the difference between a script alert action and a custom alert action?

On http://docs.splunk.com/Documentation/Splunk/6.5.0/Alert/ConfiguringScriptedAlerts I can read that script alert action are deprecated.

If I have a script alert action. What ist the way to create a custom alert action?

Best wishes,

Robert

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rpille_splunk
Splunk Employee
Splunk Employee
‎11-21-2016 02:47 PM

Scripted alerts, now deprecated, were alerts that triggered scripts to run. Custom alert actions have replaced them and can do the same and more, with a better user experience. If you have a scripted alert that you want to convert, try following these docs to create an alert action using the script you already have. http://docs.splunk.com/Documentation/Splunk/6.5.1/AdvancedDev/ModAlertsIntro

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

rpille_splunk
Splunk Employee
Splunk Employee
‎11-21-2016 02:47 PM

Scripted alerts, now deprecated, were alerts that triggered scripts to run. Custom alert actions have replaced them and can do the same and more, with a better user experience. If you have a scripted alert that you want to convert, try following these docs to create an alert action using the script you already have. http://docs.splunk.com/Documentation/Splunk/6.5.1/AdvancedDev/ModAlertsIntro

0 Karma
Reply
Solved! Jump to solution

rhobby
New Member
‎01-19-2017 02:12 AM

Thank you for your answer.

I tried to follow these steps. I have a script that tries to fetch the environment variables SPLUNK_ARG_X.

In the custom alert action they seem to be nonexistent. Unfortunately in the link, provided by you, is no mention of these variables.

Is it still possible to use these variables?

0 Karma
Reply
Solved! Jump to solution

oddsve
New Member
‎01-08-2018 01:52 AM

It is documented in the following page here: http://docs.splunk.com/Documentation/Splunk/6.6.3/AdvancedDev/CustomAlertConvertScripted

"For custom alert actions, use configuration file parameters to access and pass values to the configuration payload that the alert action receives."
Meaning you can't use SPLUNK_ARG_X arguments, these need to be called upon from a configuration file.

0 Karma
Reply
Solved! Jump to solution

jef152
Explorer
‎11-13-2017 11:33 AM

I'm also looking for how to get the environment variables into my alert action script. Has anyone had success with this?

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...
Top