How to use a custom script in alert actions and pass arguments to it when the alert is triggered
If you want to use a custom script in alert actions and pass arguments to it when the alert is triggered
Let us assume a sample.sh script as below, which will accept a name as an argument and print to a sample.log file:
#!/bin/bash
# Append a greeting for the first argument, with a timestamp, to the log file
echo "hello $1 @ $(date +%Y-%m-%d-%H:%M:%S)" >> /path/sample.log
exit 0
We need to do the following to use this script in alert actions:
Create an app "MyApp" with a "bin" directory and a "default" directory.
Place the sample.sh and another file, a .path file. The .path file should have the location of the executable.
In this example, we are creating a bash.path with "/bin/bash" as its contents.
In the default directory, create app.conf and alert_actions.conf.
app.conf
[launcher]
version = 1.0
[ui]
is_visible = false
label = Splunk Custom Alert Example
alert_actions.conf
[custom_script]
is_custom = 1
# configure appearance in the UI
label = Custom Script Alert Action
description = Triggers a custom alert action
icon_path = custom_alert.png
# override default script execution
alert.execute.cmd = bash.path
alert.execute.cmd.arg.1 = /opt/splunk/etc/apps/myapp/bin/sample.sh
alert.execute.cmd.arg.2 = Anyname
After a Splunk restart, a custom alert action will be created, which needs to be selected during the alert creation.
In the alert_actions.conf you can pass any number of arguments to your script.
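A hardened variant of sample.sh, added here as an example and not part of the original post: it checks the argument against an allowlist before writing, so a value containing newlines or shell metacharacters never reaches sample.log. The SAMPLE_LOG variable and the log_greeting function name are assumptions for this example; /path/sample.log is the post's placeholder path.

```shell
#!/bin/bash
# Added example (not the original poster's script): sample.sh with input checks.
# SAMPLE_LOG is a hypothetical override; /path/sample.log is the post's placeholder.
set -u
LC_ALL=C; export LC_ALL      # make the character ranges below byte-exact
umask 077                    # a newly created log file is readable by its owner only

LOG_FILE="${SAMPLE_LOG:-/path/sample.log}"

# log_greeting NAME LOGFILE
# Appends "hello NAME @ <timestamp>" to LOGFILE and returns 0.
# Returns 1 and writes nothing if NAME is empty, longer than 64 characters,
# or contains anything outside [A-Za-z0-9_.-] (spaces, newlines, $, ;, quotes ...).
log_greeting() {
    name=$1
    logfile=$2
    case "$name" in
        ''|*[!A-Za-z0-9_.-]*)
            echo "sample.sh: rejected argument" >&2
            return 1 ;;
    esac
    if [ "${#name}" -gt 64 ]; then
        echo "sample.sh: argument too long" >&2
        return 1
    fi
    # printf with a fixed format string; the name is data, never a format.
    printf 'hello %s @ %s\n' "$name" "$(date +%Y-%m-%d-%H:%M:%S)" >> "$logfile"
}

# Run only when called with an argument, as configured via alert.execute.cmd.arg.2.
if [ "$#" -gt 0 ]; then
    log_greeting "$1" "$LOG_FILE" || exit 1
    exit 0
fi
```

A non-zero exit status on a rejected argument makes the failure visible to whatever invoked the script, instead of silently logging a malformed line.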
If you just name your script custom_script.sh - using exactly the phrase from the corresponding alert_actions.conf stanza, the bash.path file and the alert.execute.* entries in alert_actions.conf are not necessary.