Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Passing a custom string from alert into a script (Python or bash)

moin3949
Observer
‎02-02-2022 07:49 PM

I am pretty new to Splunk and trying to figure out how alert notification and adding a script to it works.

My alert will basically return a line from  a log stream every time it matches my search criteria, which will be something like this"

  process completed for config some_name having RUN_ID 1129 (it could be multiple lines)

my goal is to get the "config_name" part from here and send it as a column name into a sql query that either I put it in a bash or python script:

  select "config_name" from table;

how are the alert result and the script  connected? can someone bring an example? saw few posts (https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-pytho... but not quite getting it....

any help would be appreciate it! 

 

 

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-02-2022 10:59 PM

See https://docs.splunk.com/Documentation/Splunk/8.2.4/AdvancedDev/ModAlertsIntro

Especially the logger.py example.

As a side note - you should never rely on user supplied data like this - don't name the databse query column after a search field.

0 Karma
Reply

moin3949
Observer
‎02-03-2022 06:58 AM

This doesn't answer my question .this is writing the alert into a log file which is not my intention ...

I want to grab a keyword from the returned string(alert result ) and send it to my custom string.

Tags (1)
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...