- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Alerting
- :
- Link to alert result needed as a variable
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I would like to get the link to the alert results under a variable, possibly already during the alert base search (at the end of it). Is it possible?
Basically I need sth like what I get from Activity --> Triggered Alerts --> View Results, e.g.:
https://splunk-ml.zone1.mo.sap.corp/en-US/app/mlbso/search?sid=scheduler__d046266__mlbso__RMD588cf20... ..... etc, etc.
but already at the end of the alert search, that I can set a variable out of it.
The reason is, that I need to integrate my alerts to another tool and there I have a very limited possibility of using texts, so there is no chance to build the output like in Splunk.
What I thought would be best, was to pass the link to the alert results that the alert processor can access splunk directly. For that I need this result link in some kind of variable set with eval ...
Is it possible?
Kind Regards,
Kamil
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In Custom Alert action payload you can find results_link which contain Splunk Web Job result link . See example https://docs.splunk.com/Documentation/Splunk/8.0.2/AdvancedDev/ModAlertsBasicExample
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In Custom Alert action payload you can find results_link which contain Splunk Web Job result link . See example https://docs.splunk.com/Documentation/Splunk/8.0.2/AdvancedDev/ModAlertsBasicExample
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you please convert your answer that I can accept it?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Done, thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you planning to use Custom Alert Action to send results to 3rd party tool ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, we wrote one in python and we choose it from the drop down list of the actions.
Kind Regards,
Kamil
Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!
Transform your security operations with Splunk Enterprise Security
Splunk Admins and App Developers | Earn a $35 gift card!
