Alerting
Highlighted

How do i get the parameters passed to the script in Alert action

Hi,

I am working on the alerting module of the Splunk and would like to execute a script when alert gets triggered and from the documents I see that http://docs.splunk.com/Documentation/Splunk/6.0.2/alert/ConfiguringScriptedAlerts

when alerts gets triggered, it will pass some set of arguments to the script. Is my understanding correct? If my understanding is wrong kindly guide me with proper meaning.

Assuming the above understanding is correct, to know the value of each of the parameter, I access it by using: os.environ['SPLUNKARG0'] and so on in the Python scripting correct?

NOTE: I am trying out this in the Windows machine, so do I need to use os.environ['$SPLUNKARG0'] instead of os.environ['SPLUNKARG0']??

Please let me know if I need to explicitly set anything so as to pass the arguments from the Splunk to the script.

Thanks in advance.

0 Karma
Highlighted

Re: How do i get the parameters passed to the script in Alert action

SplunkTrust
SplunkTrust

The arguments are always passed and there is nothing you have to do special. Also, make sure your alert script in python starts with a hash bang that points to the python for splunk appropriate to your path on your windows installation.

0 Karma

Re: How do i get the parameters passed to the script in Alert action

Communicator

I downvoted this post because please try batch script with some parameter as you have described. it doesn't run with splunk while it is totaly fine on cmd.

0 Karma
Highlighted

Re: How do i get the parameters passed to the script in Alert action

Splunk Employee
Splunk Employee

Are you using Python in Windows? That's not how you use os.environ in Python. You don't specify the environment variable with a leading '$'.

[shaskell@docker ~]$ export FOO=la
[shaskell@docker ~]$ python
Python 2.7.5 (default, Jun 24 2015, 00:41:19) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> print(os.environ['FOO']);
la

You'd only access the argument like $SPLUNKARG0 if it were from a shell script in Unix or %SPLUNKARG0% if it were from a batch file in Windows.

You can also access the arguments positionally in Python. Given the following script:

#!/usr/bin/env python
import sys
print(sys.argv[0])
print(sys.argv[1])
[shaskell@docker ~]$ ./foo.py arg1
./foo.py
arg1

So sys.argv[0] is $SPLUNKARG0 (name of the script) and so on. Also note that the 9th argument is the Splunk session key in case you want to interact with the REST API from your script.

0 Karma