Solved: Is there a way to have splunk launch a program to ...

crayy8 · ‎05-22-2015

I just started playing around with Splunk a few days ago and am wondering if there is some way to have splunk alerts trigger an Incident Response program to do a collection?

Thanks!

Yasaswy · ‎05-22-2015

Hi, Yes you should be able to run a script for an alert action. So the customization options are only limited by the capabilities of the IR program. If it facilitates a scripted trigger you can certainly launch it from Splunk.

You can check out the info on alert actions here.

View solution in original post

crayy8 · ‎05-22-2015

Hi Yasaswy thanks for the reply! Do you know if there are other ways to trigger programs when specific events occur? Just curious as I like to know all of my options.

Thanks!

Yasaswy · ‎05-22-2015

Hi ... yw. I am not aware of good options from within splunk other then leveraging the alert actions. However, you can operate out side Splunk and use the Splunk API and REST calls to trigger other programs based on returns from Splunk calls.

Check out the alerts URI

Yasaswy · ‎05-22-2015

Hi, Yes you should be able to run a script for an alert action. So the customization options are only limited by the capabilities of the IR program. If it facilitates a scripted trigger you can certainly launch it from Splunk.

You can check out the info on alert actions here.

Is there a way to have splunk launch a program to do IR?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation