Alerting

How to configure custom alert for run python script

jacruzs
Explorer

Hi,

I have some problem with run python script in custom alert. I have the next file

alert_actions.conf
[DigitalTwingKeepwareCRC]
is_custom = 1
label = "Monitoreo de molino de Rio Claro"
description = "Ejecuta acciones sobre el molino de Rio Claro"
payload_format = json
param.result_count = $job.resultCount$
param.search_query = $job.search$
param.results = results_link
alert.execute.cmd = python
alert.execute.cmd.arg.0 = $SPLUNK_HOME$/etc/apps/DTw_CRC/bin/iotgateway/test.py
alert.execute.cmd.arg.1 = --execute

but in the _internal index I get the next event

ERROR sendmodalert - action=DigitalTwingKeepwareCRC - Failed to find alert.execute.cmd "python".

Please, help me

0 Karma

harsmarvania57
Ultra Champion

Hi,

In alert.execute.cmd you need to provide *.path file.

  1. Create $SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/directory.
  2. Create python.path file with below config and provide execute permission with chmod 750 python.path

    "$SPLUNK_HOME/bin/splunk" cmd python

  3. Use below config in alert_actions.conf
    [DigitalTwingKeepwareCRC]
    is_custom = 1
    label = "Monitoreo de molino de Rio Claro"
    description = "Ejecuta acciones sobre el molino de Rio Claro"
    payload_format = json
    param.result_count = $job.resultCount$
    param.search_query = $job.search$
    param.results = results_link
    alert.execute.cmd = python.path
    alert.execute.cmd.arg.0 = $SPLUNK_HOME$/etc/apps/DTw_CRC/bin/iotgateway/test.py
    alert.execute.cmd.arg.1 = --execute

0 Karma

jacruzs
Explorer

Hi,

I created $SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/ directory.

In the last location, I created python.path file, and in this file write "$SPLUNK_HOME/bin/splunk" cmd python

I edited alert_actions.conf

But I get the next error:

04-01-2019 13:05:01.910 0000 ERROR sendmodalert - action=DigitalTwingKeepwareCRC - Failed to find alert.execute.cmd "python.path".

What's my error?

0 Karma

harsmarvania57
Ultra Champion

I have tested above config in my lab and failed but below config is working fine.

Please change $SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/python.path with below config

$SPLUNK_HOME/bin/python

Add below config in $SPLUNK_HOME$/etc/apps/DTw_CRC/metadata/default.meta

[alert_actions/DigitalTwingKeepwareCRC]
access = read : [ * ], write : [ admin ]
export = system
owner = nobody
0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...