Re: How send splunk alerts to netcool?

romattos · ‎03-11-2020

How Can I send alerts from splunk to netcool ? The splunk is able to send alerts to netcool omnibus?

gcusello · ‎03-11-2020

Hi @romattos,
are yu speaking of IBM netcool?
Did you already explored the SNMP Splunk MA App for Netcool ( https://splunkbase.splunk.com/app/3596/ ) ?

otherwise it isn't so easy because, following the instructions at https://docs.splunk.com/Documentation/Splunk/6.2.1/alert/SendingSNMPtrapstoothersystems (as you can see it's old!), you have to create a perl script because in the 0 fields related to a fired alert you can find the url of a zipped files that contains the results of the search but you cannot send it to Netcool and you have to unzip it and add to one of the eight fields.

Ciao.
Giuseppe

romattos · ‎03-11-2020

Hi Giuseppe.

Yes . I want to send to IBM Netcool Omnibus. Is it possible? Do you have more details?

Thanks!!

hgehrts_splunk · ‎03-11-2020

Hi!
yes, it's possible. And there are several ways of doing this. The easiest might be
https://docs.splunk.com/Documentation/Splunk/8.0.2/Alert/AlertWorkflowOverview
where an alert action triggers a script that sends information into an Omnibus Probe.

best
Henning

How send splunk alerts to netcool?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation