Alerting

Passing a custom string from alert into a script (Python or bash)

moin3949
Observer

I am pretty new to Splunk and trying to figure out how alert notification and adding a script to it works.

My alert will basically return a line from  a log stream every time it matches my search criteria, which will be something like this"

  process completed for config some_name having RUN_ID 1129 (it could be multiple lines)

my goal is to get the "config_name" part from here and send it as a column name into a sql query that either I put it in a bash or python script:

  select "config_name" from table;

how are the alert result and the script  connected? can someone bring an example? saw few posts (https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-pytho... but not quite getting it....

any help would be appreciate it! 

 

 

Labels (1)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

See https://docs.splunk.com/Documentation/Splunk/8.2.4/AdvancedDev/ModAlertsIntro

Especially the logger.py example.

As a side note - you should never rely on user supplied data like this - don't name the databse query column after a search field.

0 Karma

moin3949
Observer

This doesn't answer my question .this is writing the alert into a log file which is not my intention ...

I want to grab a keyword from the returned string(alert result ) and send it to my custom string.

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Introducing New Splunkbase Governance!

Splunk apps are essential for maximizing the value of your Splunk Experience. Whether you’re using the default ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...

3 Ways to Make OpenTelemetry Even Better

My role as an Observability Specialist at Splunk provides me with the opportunity to work with customers of ...