Alerting

How to configure custom alert for run python script

jacruzs
Explorer

Hi,

I have some problem with run python script in custom alert. I have the next file

alert_actions.conf
[DigitalTwingKeepwareCRC]
is_custom = 1
label = "Monitoreo de molino de Rio Claro"
description = "Ejecuta acciones sobre el molino de Rio Claro"
payload_format = json
param.result_count = $job.resultCount$
param.search_query = $job.search$
param.results = results_link
alert.execute.cmd = python
alert.execute.cmd.arg.0 = $SPLUNK_HOME$/etc/apps/DTw_CRC/bin/iotgateway/test.py
alert.execute.cmd.arg.1 = --execute

but in the _internal index I get the next event

ERROR sendmodalert - action=DigitalTwingKeepwareCRC - Failed to find alert.execute.cmd "python".

Please, help me

0 Karma

harsmarvania57
Ultra Champion

Hi,

In alert.execute.cmd you need to provide *.path file.

  1. Create $SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/directory.
  2. Create python.path file with below config and provide execute permission with chmod 750 python.path

    "$SPLUNK_HOME/bin/splunk" cmd python

  3. Use below config in alert_actions.conf
    [DigitalTwingKeepwareCRC]
    is_custom = 1
    label = "Monitoreo de molino de Rio Claro"
    description = "Ejecuta acciones sobre el molino de Rio Claro"
    payload_format = json
    param.result_count = $job.resultCount$
    param.search_query = $job.search$
    param.results = results_link
    alert.execute.cmd = python.path
    alert.execute.cmd.arg.0 = $SPLUNK_HOME$/etc/apps/DTw_CRC/bin/iotgateway/test.py
    alert.execute.cmd.arg.1 = --execute

0 Karma

jacruzs
Explorer

Hi,

I created $SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/ directory.

In the last location, I created python.path file, and in this file write "$SPLUNK_HOME/bin/splunk" cmd python

I edited alert_actions.conf

But I get the next error:

04-01-2019 13:05:01.910 0000 ERROR sendmodalert - action=DigitalTwingKeepwareCRC - Failed to find alert.execute.cmd "python.path".

What's my error?

0 Karma

harsmarvania57
Ultra Champion

I have tested above config in my lab and failed but below config is working fine.

Please change $SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/python.path with below config

$SPLUNK_HOME/bin/python

Add below config in $SPLUNK_HOME$/etc/apps/DTw_CRC/metadata/default.meta

[alert_actions/DigitalTwingKeepwareCRC]
access = read : [ * ], write : [ admin ]
export = system
owner = nobody
0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...