Alerting

Modify session key expiration time custom script alert

mgarciar
Path Finder

Hi experts,

I have an alert that triggers a custom script (python), this script executes several validations on the data and creates a service using the passed session key to execute other 2 SPLs.
At some point the session key is expiring and script fails to execute SPLs.

I’m using the deprecated functionality for custom alerts.

Is there any way to increase the lifetime of the session key ?
Do I need to move to the new custom alert framework to avoid this issue?

I know I can move my code to a separate script that runs in a cron job outside splunk but then it’s more services to maintain plus having to use a username/password to create a splunk service.
The actual process is very convenient in that sense.

Thanks !

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...