Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Passing a custom string from alert into a script (Python or bash)

moin3949
Observer
‎02-02-2022 07:49 PM

I am pretty new to Splunk and trying to figure out how alert notification and adding a script to it works.

My alert will basically return a line from  a log stream every time it matches my search criteria, which will be something like this"

  process completed for config some_name having RUN_ID 1129 (it could be multiple lines)

my goal is to get the "config_name" part from here and send it as a column name into a sql query that either I put it in a bash or python script:

  select "config_name" from table;

how are the alert result and the script  connected? can someone bring an example? saw few posts (https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-pytho... but not quite getting it....

any help would be appreciate it! 

 

 

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-02-2022 10:59 PM

See https://docs.splunk.com/Documentation/Splunk/8.2.4/AdvancedDev/ModAlertsIntro

Especially the logger.py example.

As a side note - you should never rely on user supplied data like this - don't name the databse query column after a search field.

0 Karma
Reply

moin3949
Observer
‎02-03-2022 06:58 AM

This doesn't answer my question .this is writing the alert into a log file which is not my intention ...

I want to grab a keyword from the returned string(alert result ) and send it to my custom string.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...