Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Scripts for Alert Actions

nawazns5038
Builder
‎01-25-2018 04:38 PM

Hi,

Can I please get an example of a script to make use of the alerts results.
I have read the documentation that the "$SPLUNK_ARG_8" has the location that holds the results in a zip file .
I want to know how can I access the zip file or open it and use the results by a python or a shell script.

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎01-25-2018 05:51 PM

Example with scripted alert
https://docs.splunk.com/Documentation/SplunkCloud/latest/Alert/Configuringscriptedalerts
The idea behind the argument to the result zip file, is to use verify the presence of the file, then unzip, read the results (sometimes in csv). then trigger actions. As the scripts runs as the splunk user, it should be able to access the file.
Also splunk ships with python so you can use this language.

Otherwise nowadays, the supported method is to use custom alert actions

http://docs.splunk.com/Documentation/SplunkCloud/latest/Alert/CreateCustomAlerts

0 Karma
Reply

nawazns5038
Builder
‎01-26-2018 05:39 PM

Yes I could see the link,
Could you please paste some example scripts that are in use or that can be used.

Reply

nawazns5038
Builder
‎01-25-2018 05:24 PM

Can we use python scripts other than shell scripts for alert actions ?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...