How to configure a custom alert to run a Python script

Explorer

Hi,

I have a problem running a Python script in a custom alert. I have the following file:

alert_actions.conf
    [DigitalTwingKeepwareCRC]
    is_custom = 1
    label = "Monitoreo de molino de Rio Claro"
    description = "Ejecuta acciones sobre el molino de Rio Claro"
    payload_format = json
    param.result_count = $job.resultCount$
    param.search_query = $job.search$
    param.results = results_link
    alert.execute.cmd = python
    alert.execute.cmd.arg.0 = $SPLUNK_HOME$/etc/apps/DTw_CRC/bin/iotgateway/test.py
    alert.execute.cmd.arg.1 = --execute

but in the _internal index I get the following event:

ERROR sendmodalert - action=DigitalTwingKeepwareCRC - Failed to find alert.execute.cmd "python".

Please, help me

0 Karma

SplunkTrust

Hi,

In alert.execute.cmd you need to provide a *.path file.

  1. Create the $SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/ directory.
  2. Create a python.path file with the config below and give it execute permission with chmod 750 python.path

    "$SPLUNK_HOME/bin/splunk" cmd python

  3. Use the config below in alert_actions.conf

    [DigitalTwingKeepwareCRC]
    is_custom = 1
    label = "Monitoreo de molino de Rio Claro"
    description = "Ejecuta acciones sobre el molino de Rio Claro"
    payload_format = json
    param.result_count = $job.resultCount$
    param.search_query = $job.search$
    param.results = results_link
    alert.execute.cmd = python.path
    alert.execute.cmd.arg.0 = $SPLUNK_HOME$/etc/apps/DTw_CRC/bin/iotgateway/test.py
    alert.execute.cmd.arg.1 = --execute

0 Karma

Explorer

Hi,

I created the $SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/ directory.

In that location, I created the python.path file, and in this file wrote "$SPLUNK_HOME/bin/splunk" cmd python

I edited alert_actions.conf

But I get the following error:

04-01-2019 13:05:01.910 0000 ERROR sendmodalert - action=DigitalTwingKeepwareCRC - Failed to find alert.execute.cmd "python.path".

What's my error?

0 Karma

SplunkTrust

I have tested the above config in my lab and it failed, but the config below is working fine.

Please change $SPLUNK_HOME$/etc/apps/DTw_CRC/linux_x86_64/bin/python.path to the config below

    $SPLUNK_HOME/bin/python

Add the config below to $SPLUNK_HOME$/etc/apps/DTw_CRC/metadata/default.meta

    [alert_actions/DigitalTwingKeepwareCRC]
    access = read : [ * ], write : [ admin ]
    export = system
    owner = nobody

0 Karma
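
A pre-flight check for the file layout this thread ends up with, added here as an example and not code from the thread or from Splunk: it reads alert_actions.conf and confirms that each alert.execute.cmd exists in the app, that a .path pointer names an executable file, and that the pointer is not world-writable. The two folders it searches and the constructed demo tree are assumptions, and the default.meta export is not checked.

```python
import configparser, os, shlex, stat, tempfile
from string import Template

# Assumption: the two app folders used in the thread; this is not Splunk's own resolver.
BIN_DIRS = ("bin", os.path.join("linux_x86_64", "bin"))

def check_alert_actions(app_dir, conf_path, env=os.environ):
    """Return {stanza: [problems]} for each stanza that sets alert.execute.cmd."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.read(conf_path)
    report = {}
    for stanza in cp.sections():
        cmd = cp.get(stanza, "alert.execute.cmd", fallback=None)
        if cmd is None:
            continue
        problems = report.setdefault(stanza, [])
        hits = [p for p in (os.path.join(app_dir, d, cmd) for d in BIN_DIRS)
                if os.path.isfile(p)]
        if not hits:
            problems.append(f"{cmd}: not found in {' or '.join(BIN_DIRS)}")
        for path in hits:
            # The alert runs what this file names, so other users must not be able to edit it.
            if os.stat(path).st_mode & stat.S_IWOTH:
                problems.append(f"{cmd}: world-writable")
            if cmd.endswith(".path"):
                with open(path) as fh:
                    words = shlex.split(Template(fh.read()).safe_substitute(env))
                if not (words and os.path.isfile(words[0]) and os.access(words[0], os.X_OK)):
                    problems.append(f"{cmd}: pointer target is not an executable file")
    return report

def demo():
    """Constructed tree: the question's config, the final answer's layout, then a loosened mode."""
    root = tempfile.mkdtemp()  # stands in for $SPLUNK_HOME
    app = os.path.join(root, "etc", "apps", "DTw_CRC")
    bindir = os.path.join(app, "linux_x86_64", "bin")
    for d in (os.path.join(app, "default"), bindir, os.path.join(root, "bin")):
        os.makedirs(d)
    fake_python = os.path.join(root, "bin", "python")  # empty stand-in for the interpreter
    open(fake_python, "w").close()
    os.chmod(fake_python, 0o755)
    conf, pointer = os.path.join(app, "default", "alert_actions.conf"), os.path.join(bindir, "python.path")
    def run(cmd):
        with open(conf, "w") as fh:
            fh.write(f"[DigitalTwingKeepwareCRC]\nis_custom = 1\nalert.execute.cmd = {cmd}\n")
        return check_alert_actions(app, conf, {"SPLUNK_HOME": root})["DigitalTwingKeepwareCRC"]
    before = run("python")
    with open(pointer, "w") as fh:
        fh.write("$SPLUNK_HOME/bin/python\n")
    os.chmod(pointer, 0o750)
    after = run("python.path")
    os.chmod(pointer, 0o757)
    return before, after, run("python.path")
```

On a real host, call check_alert_actions with the app directory and the alert_actions.conf you edited; an empty list for a stanza means the files it names are in place.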