I am working on the alerting module of the Splunk and would like to execute a script when alert gets triggered and from the documents I see that http://docs.splunk.com/Documentation/Splunk/6.0.2/alert/ConfiguringScriptedAlerts
when alerts gets triggered, it will pass some set of arguments to the script. Is my understanding correct? If my understanding is wrong kindly guide me with proper meaning.
Assuming the above understanding is correct, to know the value of each of the parameter, I access it by using: os.environ['SPLUNK_ARG_0'] and so on in the Python scripting correct?
NOTE: I am trying out this in the Windows machine, so do I need to use os.environ['$SPLUNK_ARG_0'] instead of os.environ['SPLUNK_ARG_0']??
Please let me know if I need to explicitly set anything so as to pass the arguments from the Splunk to the script.
Thanks in advance.
Are you using Python in Windows? That's not how you use os.environ in Python. You don't specify the environment variable with a leading '$'.
[shaskell@docker ~]$ export FOO=la [shaskell@docker ~]$ python Python 2.7.5 (default, Jun 24 2015, 00:41:19) [GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import os >>> print(os.environ['FOO']); la
You'd only access the argument like $SPLUNK_ARG_0 if it were from a shell script in Unix or %SPLUNK_ARG_0% if it were from a batch file in Windows.
You can also access the arguments positionally in Python. Given the following script:
#!/usr/bin/env python import sys print(sys.argv) print(sys.argv)
[shaskell@docker ~]$ ./foo.py arg1 ./foo.py arg1
So sys.argv is $SPLUNK_ARG_0 (name of the script) and so on. Also note that the 9th argument is the Splunk session key in case you want to interact with the REST API from your script.
The arguments are always passed and there is nothing you have to do special. Also, make sure your alert script in python starts with a hash bang that points to the python for splunk appropriate to your path on your windows installation.
I downvoted this post because please try batch script with some parameter as you have described. it doesn't run with splunk while it is totaly fine on cmd.