Alerting

Modifying Scripted Alerts URL

eandresen
Path Finder

We are currently using scripted alerts from saved/scheduled searches to alert into our NetCool instance. Everything, but one part, is working great as we are using the following output variables to get the needed information for the Netcool alert.

SPLUNK_ARG_0 Script name
SPLUNK_ARG_1 Number of events returned
SPLUNK_ARG_2 Search terms
SPLUNK_ARG_3 Fully qualified query string
SPLUNK_ARG_4 Name of saved search
SPLUNK_ARG_5 Trigger reason (for example, "The number of events was greater than 1")
SPLUNK_ARG_6 Browser URL to view the saved search
SPLUNK_ARG_8 File in which the results for this search are stored (contains raw results) 

The one issue is with our Search Heads that are running SSO and Splunk is listening on an internal port of 8081 instead of the normal 443. When a Splunk alert fires and sends the information into Netcool, it uses port 443 in the URL provided as SPLUNK_ARG_6.

Is it possible to change the URL provided under SPLUNK_ARG_6 to use the internal port number instead of 443? And, yes, we know that we could break apart the variable in the script and replace the port number, but we would prefer to do it through a config change if it is possible.

Please let me know if you have any questions and thanks in advance for the help.

0 Karma
1 Solution

svoellin
Engager

In your alert script, you could use sed to search for the undesired port and replace it with the correct one:

SPLUNK_URL="echo $SPLUNK_ARG_6|sed 's/8081/443/g'"

View solution in original post

svoellin
Engager

In your alert script, you could use sed to search for the undesired port and replace it with the correct one:

SPLUNK_URL="echo $SPLUNK_ARG_6|sed 's/8081/443/g'"
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...