Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to do alerts integration with netcool?

danielbb
Motivator
‎03-21-2023 12:59 PM

We are trying to invoke alerts from Splunk to NetCool, and wondering what the right approach would be. We came up with 3 proposals -

Solution 1 : Create a script, and invoke in alert actions, and pass the parameters. 

Solution 2 : Create a custom command, and append it to the SPL, and pass the arguments. 

Solution 3: Create a custom alert action, with html form fields. (Just like Send Email/Snow) - Preferred 

 

We also came across Splunk dev documentation at Create custom alert actions for Splunk Cloud Platform or Splunk Enterprise 

Any feedback would be appreciated.

 

Labels (2)
Labels
0 Karma
Reply

danielbb
Motivator
‎03-22-2023 01:36 PM

Thank you @Tom_Lundie for the detailed explanation. I came across the following https://splunkbase.splunk.com/app/3596 do you think it's in the right direction?

0 Karma
Reply

Tom_Lundie
Contributor
‎03-22-2023 04:09 PM

You're welcome!

From what you've shared so far, I'm not exactly sure what your use case is. That being said, the app looks fine to me. If that does what you need it to, then why not give it a try?

At very least, you could use that as a starting template if your use-case is slightly different.

Also, please note, that app is not supported, so if it breaks you won't be able to raise a support case to fix it.

Tags (1)
0 Karma
Reply

Tom_Lundie
Contributor
‎03-21-2023 02:06 PM

You're definitely thinking along the right track and based off the information you've provided so far, this is definitely achievable and I would go with Option 3 too.

The documentation that you sent over has an example alert_action: splunk-app-examples/slack.py.

If you haven't done this before, I would probably start with that or a different alert_action that does something similar to what you're trying to achieve, e.g. raising an incident via Splunk TA for ServiceNow. Trace your example of choice through keeping the step-by-step documentation in-mind located on Splunk Dev.

Once you've got your head around how the app, alert_actions.conf, and python script work-together you'll be ready to start writing your own. Feel free to reply to this thread or start a new one if you run into any bumps along the way.

Also, I haven't used NetCool but I've noticed that there are a few different products out there that go by that name. It might be worth sharing some more details about exactly what you're trying to achieve in case anyone else has done this before.

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...