How to - Custom alert action (passing arguments to custom scripts)

mbagali_splunk
Splunk Employee

How to use a custom script in alert actions and pass arguments to it when the alert is triggered?

mbagali_splunk
Splunk Employee

If you want to use a custom script in alert actions and pass arguments to it when the alert is triggered

Let us assume a sample.sh script as below, which will accept a name as an argument and print it to a sample.log file:

#!/bin/bash
# Append a greeting for the first argument, with a timestamp, to the log
echo "hello $1 @ $(date +%Y-%m-%d-%H:%M:%S)" >> /path/sample.log
exit 0

We need to do the following to use this script in alert actions:

Create an app "MyApp" with a "bin" directory and a "default" directory.

Place the sample.sh file and another file, a .path file. The .path file should contain the location of the executable.

In this example, we are creating a bash.path with "/bin/bash" as its contents.

In the default directory, create app.conf and alert_actions.conf.

app.conf

[launcher]
version = 1.0

[ui]
is_visible = false
label = Splunk Custom Alert Example

alert_actions.conf

[custom_script]
# flag the action as custom alert action
is_custom = 1

# configure appearance in the UI
label = Custom Script Alert Action
description = Triggers a custom alert action
icon_path = custom_alert.png

# override default script execution
alert.execute.cmd = bash.path
alert.execute.cmd.arg.1 = /opt/splunk/etc/apps/myapp/bin/sample.sh
alert.execute.cmd.arg.2 = Anyname

After a Splunk restart, a custom alert action will be created, which needs to be selected during alert creation.

In the alert_actions.conf you can pass any number of arguments to your script.
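
A variant of the sample.sh above that accepts any number of arguments and logs them on one line, added here as an example and not part of the original post. SAMPLE_LOG and MAX_LEN are hypothetical names, and stripping control characters before logging is an assumption about how the argument values should be treated:

```bash
#!/bin/bash
# Added example: sample.sh extended to take every value configured after
# alert.execute.cmd.arg.1 (arg.2 arrives as $1, arg.3 as $2, and so on).
# SAMPLE_LOG and MAX_LEN are assumptions; /path/sample.log is the page's placeholder.
LOG_FILE="${SAMPLE_LOG:-/path/sample.log}"
MAX_LEN=200

# Drop control characters (newlines included) and double quotes so a value
# cannot forge extra log lines or break the quoting, then cap its length.
sanitize() {
    printf '%s' "$1" | tr -d '[:cntrl:]"' | cut -c1-"$MAX_LEN"
}

# Build one line: timestamp, argument count, then each argument quoted.
format_entry() {
    local ts line i arg
    ts="$1"; shift
    line="$ts argc=$#"
    i=1
    for arg in "$@"; do
        line="$line arg$i=\"$(sanitize "$arg")\""
        i=$((i + 1))
    done
    printf '%s\n' "$line"
}

# Append the entry; return non-zero if the log cannot be written.
log_alert() {
    format_entry "$(date +%Y-%m-%d-%H:%M:%S)" "$@" >> "$LOG_FILE" || {
        echo "sample.sh: cannot write to $LOG_FILE" >&2
        return 1
    }
}

# The configured values arrive as "$@"; do nothing when none were passed.
if [ "$#" -gt 0 ]; then
    log_alert "$@"
fi
```

Each additional alert.execute.cmd.arg.N line in alert_actions.conf shows up as one more argN field in the log entry.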

rvany
Communicator

If you just name your script custom_script.sh - using exactly the phrase from the corresponding alert_actions.conf stanza, the bash.path file and the alert.execute.* entries in alert_actions.conf are not necessary.
