Alerting
Highlighted

Link to alert result needed as a variable

Contributor

Hello,

I would like to get the link to the alert results under a variable, possibly already during the alert base search (at the end of it). Is it possible?
Basically I need sth like what I get from Activity --> Triggered Alerts --> View Results, e.g.:

https://splunk-ml.zone1.mo.sap.corp/en-US/app/mlbso/search?sid=scheduler__d046266__mlbso__RMD588cf20... ..... etc, etc.

but already at the end of the alert search, that I can set a variable out of it.
The reason is, that I need to integrate my alerts to another tool and there I have a very limited possibility of using texts, so there is no chance to build the output like in Splunk.
What I thought would be best, was to pass the link to the alert results that the alert processor can access splunk directly. For that I need this result link in some kind of variable set with eval ...

Is it possible?

Kind Regards,
Kamil

Labels (1)
Tags (1)
0 Karma
Highlighted

Re: Link to alert result needed as a variable

SplunkTrust
SplunkTrust

Are you planning to use Custom Alert Action to send results to 3rd party tool ?

0 Karma
Highlighted

Re: Link to alert result needed as a variable

Contributor

Yes, we wrote one in python and we choose it from the drop down list of the actions.

Kind Regards,
Kamil

0 Karma
Highlighted

Re: Link to alert result needed as a variable

SplunkTrust
SplunkTrust

In Custom Alert action payload you can find results_link which contain Splunk Web Job result link . See example https://docs.splunk.com/Documentation/Splunk/8.0.2/AdvancedDev/ModAlertsBasicExample

View solution in original post

0 Karma
Highlighted

Re: Link to alert result needed as a variable

Contributor

Thank you.

0 Karma
Highlighted

Re: Link to alert result needed as a variable

Contributor

Could you please convert your answer that I can accept it?

0 Karma
Highlighted

Re: Link to alert result needed as a variable

SplunkTrust
SplunkTrust

Done, thanks.

0 Karma