Alerting
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Alerting
- :
- Re: How to configure custom alert for run python s...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to configure custom alert for run python script
jacruzs
Explorer
03-29-2019
08:09 AM
Hi,
I have some problem with run python script in custom alert. I have the next file
alert_actions.conf
[DigitalTwingKeepwareCRC]
is_custom = 1
label = "Monitoreo de molino de Rio Claro"
description = "Ejecuta acciones sobre el molino de Rio Claro"
payload_format = json
param.result_count = $job.resultCount$
param.search_query = $job.search$
param.results = results_link
alert.execute.cmd = python
alert.execute.cmd.arg.0 = $SPLUNK_HOME$/etc/apps/DTw_CRC/bin/iotgateway/test.py
alert.execute.cmd.arg.1 = --execute
but in the _internal index I get the next event
ERROR sendmodalert - action=DigitalTwingKeepwareCRC - Failed to find alert.execute.cmd "python".
Please, help me
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
04-01-2019
01:46 AM
Hi,
In alert.execute.cmd you need to provide *.path file.
- Create
$SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/directory. Create
python.pathfile with below config and provide execute permission withchmod 750 python.path"$SPLUNK_HOME/bin/splunk" cmd python
Use below config in alert_actions.conf
[DigitalTwingKeepwareCRC]
is_custom = 1
label = "Monitoreo de molino de Rio Claro"
description = "Ejecuta acciones sobre el molino de Rio Claro"
payload_format = json
param.result_count = $job.resultCount$
param.search_query = $job.search$
param.results = results_link
alert.execute.cmd = python.path
alert.execute.cmd.arg.0 = $SPLUNK_HOME$/etc/apps/DTw_CRC/bin/iotgateway/test.py
alert.execute.cmd.arg.1 = --execute
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jacruzs
Explorer
04-01-2019
06:13 AM
Hi,
I created $SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/ directory.
In the last location, I created python.path file, and in this file write "$SPLUNK_HOME/bin/splunk" cmd python
I edited alert_actions.conf
But I get the next error:
04-01-2019 13:05:01.910 0000 ERROR sendmodalert - action=DigitalTwingKeepwareCRC - Failed to find alert.execute.cmd "python.path".
What's my error?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
04-01-2019
12:41 PM
I have tested above config in my lab and failed but below config is working fine.
Please change $SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/python.path with below config
$SPLUNK_HOME/bin/python
Add below config in $SPLUNK_HOME$/etc/apps/DTw_CRC/metadata/default.meta
[alert_actions/DigitalTwingKeepwareCRC]
access = read : [ * ], write : [ admin ]
export = system
owner = nobody
Get Updates on the Splunk Community!
Building Reliable Asset and Identity Frameworks in Splunk ES
Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...
Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting
For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...
Automatic Discovery Part 3: Practical Use Cases
If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...
