Solved: Is there a way to have splunk launch a program to ...

crayy8 · ‎05-22-2015

I just started playing around with Splunk a few days ago and am wondering if there is some way to have splunk alerts trigger an Incident Response program to do a collection?

Thanks!

Yasaswy · ‎05-22-2015

Hi, Yes you should be able to run a script for an alert action. So the customization options are only limited by the capabilities of the IR program. If it facilitates a scripted trigger you can certainly launch it from Splunk.

You can check out the info on alert actions here.

View solution in original post

crayy8 · ‎05-22-2015

Hi Yasaswy thanks for the reply! Do you know if there are other ways to trigger programs when specific events occur? Just curious as I like to know all of my options.

Thanks!

Yasaswy · ‎05-22-2015

Hi ... yw. I am not aware of good options from within splunk other then leveraging the alert actions. However, you can operate out side Splunk and use the Splunk API and REST calls to trigger other programs based on returns from Splunk calls.

Check out the alerts URI

Yasaswy · ‎05-22-2015

Hi, Yes you should be able to run a script for an alert action. So the customization options are only limited by the capabilities of the IR program. If it facilitates a scripted trigger you can certainly launch it from Splunk.

You can check out the info on alert actions here.

Is there a way to have splunk launch a program to do IR?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!