Alerting

How do I get the parameters passed to the script in an Alert action

nithin_shubhana
Explorer

Hi,

I am working on the alerting module of Splunk and would like to execute a script when an alert gets triggered. From the documentation (http://docs.splunk.com/Documentation/Splunk/6.0.2/alert/ConfiguringScriptedAlerts) I see that

when an alert gets triggered, it will pass a set of arguments to the script. Is my understanding correct? If my understanding is wrong, kindly guide me with the proper meaning.

Assuming the above understanding is correct, to know the value of each parameter, I access it by using os.environ['SPLUNK_ARG_0'] and so on in the Python script, correct?

NOTE: I am trying this out on a Windows machine, so do I need to use os.environ['$SPLUNK_ARG_0'] instead of os.environ['SPLUNK_ARG_0']?

Please let me know if I need to explicitly set anything in order to pass the arguments from Splunk to the script.

Thanks in advance.

0 Karma

shaskell_splunk
Splunk Employee

Are you using Python on Windows? That's not how you use os.environ in Python. You don't specify the environment variable with a leading '$'.

[shaskell@docker ~]$ export FOO=la
[shaskell@docker ~]$ python
Python 2.7.5 (default, Jun 24 2015, 00:41:19) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> print(os.environ['FOO']);
la

You'd only access the argument like $SPLUNK_ARG_0 if it were from a shell script in Unix or %SPLUNK_ARG_0% if it were from a batch file in Windows.

You can also access the arguments positionally in Python. Given the following script:

#!/usr/bin/env python
import sys
print(sys.argv[0])
print(sys.argv[1])

[shaskell@docker ~]$ ./foo.py arg1
./foo.py
arg1

So sys.argv[0] is $SPLUNK_ARG_0 (name of the script) and so on. Also note that the 9th argument is the Splunk session key in case you want to interact with the REST API from your script.

0 Karma
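To tie the two halves of the answer above together, here is an added example (not code from the original thread or from Splunk) of an alert script that reads its arguments both positionally and from the SPLUNK_ARG_N environment variables, shows that the '$' and '%...%' decorated names are not found, and masks argument 8 before logging, since the answer states that the 9th argument (index 8) is the Splunk session key. The sample environment, argv and the script path are constructed for the example; which index carries which value beyond 0 and 8 is not asserted here, so check the linked documentation for your version.

```python
import os
import sys
from typing import Dict, List, Mapping, Optional, Tuple

ENV_PREFIX = "SPLUNK_ARG_"

# Constructed sample: roughly what a Windows Splunk instance hands the script.
# The path and the values are made up for this example; the session key is a
# placeholder, not a real key.
SAMPLE_SCRIPT = "C:\\Program Files\\Splunk\\bin\\scripts\\alert.py"
SAMPLE_ARGV = [SAMPLE_SCRIPT, "3"]
SAMPLE_ENVIRON = {
    "SPLUNK_ARG_0": SAMPLE_SCRIPT,
    "SPLUNK_ARG_1": "3",                        # illustrative value only
    "SPLUNK_ARG_8": "session-key-placeholder",  # index 8 per the answer above
    "PATH": "C:\\Windows\\system32",            # unrelated variable, ignored
}


def check_lookup_forms(environ: Mapping[str, str]) -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Look up argument 0 the right way and the two wrong ways.

    '$SPLUNK_ARG_0' is Unix shell syntax and '%SPLUNK_ARG_0%' is cmd.exe
    syntax; neither is part of the variable name, so only the bare name hits.
    Returns (bare, dollar_form, percent_form).
    """
    return (
        environ.get("SPLUNK_ARG_0"),
        environ.get("$SPLUNK_ARG_0"),
        environ.get("%SPLUNK_ARG_0%"),
    )


def collect_alert_args(argv: List[str], environ: Mapping[str, str]) -> Dict[int, str]:
    """Return {index: value} for the arguments Splunk passed to this script.

    Positional arguments are taken first (argv[0] is the script name, i.e.
    SPLUNK_ARG_0), then any SPLUNK_ARG_<n> environment variable overrides or
    extends them, so the result is the same whichever channel Splunk used.
    """
    args: Dict[int, str] = {i: value for i, value in enumerate(argv)}
    for key, value in environ.items():
        if key.startswith(ENV_PREFIX) and key[len(ENV_PREFIX):].isdigit():
            args[int(key[len(ENV_PREFIX):])] = value
    return args


def describe_args(args: Dict[int, str], secret_indexes: Tuple[int, ...] = (8,)) -> List[str]:
    """Format the arguments as log lines, masking secret indexes.

    Defaults to masking index 8 because the answer above states that the
    9th argument is the session key; writing it to a log file would leak a
    credential that is valid against the REST API for as long as it lives.
    """
    lines = []
    for i in sorted(args):
        value = "<redacted>" if i in secret_indexes else args[i]
        lines.append("SPLUNK_ARG_%d=%s" % (i, value))
    return lines


if __name__ == "__main__":
    # When run by Splunk, use the real argv/environ; here both may be empty.
    real_args = collect_alert_args(sys.argv, os.environ)
    for line in describe_args(real_args if real_args else collect_alert_args(SAMPLE_ARGV, SAMPLE_ENVIRON)):
        print(line)
```

If you do use the session key from your script, pass it in an Authorization header to the REST API and keep it out of anything that gets written to disk or shipped to another system; the masking above is the minimum.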

starcher
Influencer

The arguments are always passed and there is nothing special you have to do. Also, make sure your Python alert script starts with a hashbang that points to the Python for Splunk appropriate to your path on your Windows installation.

0 Karma

axl88
Communicator

I downvoted this post because, please, try a batch script with some parameter as you have described. It doesn't run with Splunk, while it is totally fine on cmd.

0 Karma