Extract custom parameters for Custom alert action alerts

pdantuuri0411
Explorer

Hi,

I see that we can add various variables by default in the script for custom alert action like search term, trigger reason etc.
How can we add custom parameters from the alert link, like the hostname, source or sourcetype etc., and use them in the script?

Regards,


harsmarvania57
Ultra Champion

Hi,

Can you please let us know whether you would like to fetch host, source and sourcetype from the Splunk query output?


pdantuuri0411
Explorer

Yes. That is correct. The output from the alert has the fields host, source and sourcetype which I want to use for creating a custom alert action.

Right now I am exporting a CSV file with the result and have created a script to check the file for the required info. Is this the best option, or do we have any other options?


harsmarvania57
Ultra Champion

You can create a script in bash or Python and read the payload value; in the payload value you will be able to find the path to results.csv.gz, which is the file the output is stored in when the Splunk query ran. If you are writing the script in bash then you can read the results from this compressed results file using the zcat command, and then use a for loop to read each and every event and perform the necessary action as per your requirement.

On this https://answers.splunk.com/answers/734938/custom-alerts-how-to-use-configured-variables-and-1.html#a... answer thread, I have provided part of a bash script to read the payload and extract the results.csv.gz path.

If you want to write the script in Python then have a look at the example here https://docs.splunk.com/Documentation/Splunk/7.2.6/AdvancedDev/ModAlertsBasicExample, and once you have the absolute path to results.csv.gz you need to use a for loop to perform the necessary action on each event based on your requirement.

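A worked version of the Python route described in the answer above, added here as an example and not code from the thread or from Splunk's docs. It assumes the modular alert contract (the script is called with `--execute` and gets a JSON payload on stdin whose `results_file` key points at results.csv.gz); the `demo()` helper, its sample events and the alert name are constructed for offline testing.

```python
#!/usr/bin/env python3
"""Custom alert action: pull host/source/sourcetype out of results.csv.gz.
Example code (not the thread's). Assumes Splunk passes a JSON payload on
stdin with a "results_file" key when the script runs with --execute."""
import csv
import gzip
import json
import os
import sys
import tempfile


def parse_payload(raw):
    """Parse the JSON payload and require the results_file key."""
    payload = json.loads(raw)
    if "results_file" not in payload:
        raise ValueError("payload has no results_file key")
    return payload


def read_results(results_path, fields=("host", "source", "sourcetype")):
    """Yield the selected columns for every event in results.csv.gz.
    Missing columns map to None so a malformed row stays visible
    downstream instead of crashing the whole action."""
    with gzip.open(results_path, "rt", newline="") as fh:
        for row in csv.DictReader(fh):
            yield {f: row.get(f) for f in fields}


def collect_events(payload_raw):
    """Full path: raw payload text -> list of per-event field dicts."""
    payload = parse_payload(payload_raw)
    return list(read_results(payload["results_file"]))


def demo():
    """Constructed sample: two events in a gzip CSV plus a minimal payload."""
    path = os.path.join(tempfile.mkdtemp(), "results.csv.gz")
    with gzip.open(path, "wt", newline="") as fh:
        w = csv.writer(fh)
        w.writerow(["_time", "host", "source", "sourcetype", "count"])
        w.writerow(["1700000000", "web01", "/var/log/auth.log", "linux_secure", "7"])
        w.writerow(["1700000060", "web02", "/var/log/auth.log", "linux_secure", "3"])
    return collect_events(json.dumps({"search_name": "constructed-alert",
                                      "results_file": path}))


if __name__ == "__main__":
    # Real invocation: Splunk runs "script.py --execute" with the payload on stdin.
    events = collect_events(sys.stdin.read()) if "--execute" in sys.argv[1:] else demo()
    for ev in events:  # the real action (ticket, webhook, block list) goes here
        sys.stderr.write(json.dumps(ev) + "\n")  # stderr is captured in splunkd.log
```

Run it without arguments to exercise the constructed sample; under Splunk, `--execute` makes it read the live payload instead.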