Re: Passing the argument to the shell script on cu...

alwaysumer1 · ‎10-03-2017

Hey there,

I've created a custom alert action on splunk. This is my directory structure:
/apps
/bin
[shell script]
/default
app.conf
alert_actions.conf
data/
ui/
alerts/
[html file]
/appserver
/static
[png file]
/README
/alert_actions.conf.spec

I'm making use of all the 8 arguments that the splunk provides, However I want to pass an argument to the shell script which the user gives on the UI. Please help

sduff_splunk · ‎10-03-2017

The username is not passed to the script.

What you may need to do is include the username as part of your search results. Its messy, but it will work. You can do so with something like the following, using the append command to add an additional row containing the username. Your script will need to look for this row/field and get the username in that fashion.

index=_internal | stats count by component | append [ rest /services/authentication/current-context/context | fields + username ]

Alternatively, your script could look at the splunk internal logs, and tie a few events together to determine who is calling the script.

burwell · ‎10-03-2017

I believe that you cannot easily do this without hacking the Splunk python code. That makes upgrades a pain. I did that for awhile. I gave up and have a variety of scripts with what I might want to pass in.

alwaysumer1 · ‎10-03-2017

I've gone thru it already but didn't find the solution.

sbbadri · ‎10-03-2017

Please go through below link,

http://docs.splunk.com/Documentation/Splunk/6.6.3/AdvancedDev/CustomAlertConfig
http://docs.splunk.com/Documentation/Splunk/6.6.3/AdvancedDev/CustomAlertScript

Passing the argument to the shell script on custom alert action.

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?