Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Passing a custom string from alert into a script (Python or bash)

moin3949
Observer
‎02-02-2022 07:49 PM

I am pretty new to Splunk and trying to figure out how alert notification and adding a script to it works.

My alert will basically return a line from  a log stream every time it matches my search criteria, which will be something like this"

  process completed for config some_name having RUN_ID 1129 (it could be multiple lines)

my goal is to get the "config_name" part from here and send it as a column name into a sql query that either I put it in a bash or python script:

  select "config_name" from table;

how are the alert result and the script  connected? can someone bring an example? saw few posts (https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-pytho... but not quite getting it....

any help would be appreciate it! 

 

 

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-02-2022 10:59 PM

See https://docs.splunk.com/Documentation/Splunk/8.2.4/AdvancedDev/ModAlertsIntro

Especially the logger.py example.

As a side note - you should never rely on user supplied data like this - don't name the databse query column after a search field.

0 Karma
Reply

moin3949
Observer
‎02-03-2022 06:58 AM

This doesn't answer my question .this is writing the alert into a log file which is not my intention ...

I want to grab a keyword from the returned string(alert result ) and send it to my custom string.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...