Solved: Send trap NSMP to an external system

gcusello · ‎11-03-2016

Hi at all,
I have a (probably) very stupid question: I have to send alerts to an external system (IBM NetCool) using SNMP traps.
I configured an alert to run a perl script to do this and runs.
My question is: Splunk passes to the script eight parameters:

$ARGV[0]; # $1 - Number of events returned
$ARGV[1]; # $2 - Search terms
$ARGV[2]; # $3 - Fully qualified query string
$ARGV[3]; # $4 - Name of savedsearch
$ARGV[4]; # $5 - Reason saved search triggered
$ARGV[5]; # $6 - URL/Permalink of saved search
$ARGV[6]; # $7 - Always empty as of 4.1
$ARGV[7]; # $8 - Path to raw saved results in Splunk instance (advanced)

but I don't see the search results (events that triggered my alert).

How can I pass to NetCool these results?
Maybe NetCool must connect to Splunk to the link of $ARGV[7] ?
It isn't so functional! probably there is another way!

In addition I see that parameters $ARGV[2] and $ARGV[3] give the same value (alert search).

Bye.

Giuseppe

bmacias84 · ‎11-03-2016

Hello @cusello,

Why not just have your script read the $ARGV[5] and send the results? I would also suggest building this as an alert action similar to splunk-add-on-jira-alerts which does things similarly. Also alert actions are first class citizens in Splunk.

View solution in original post

jkat54 · ‎11-03-2016

Did you see the SNMP-ma app?

bmacias84 · ‎11-03-2016

Hello @cusello,

Why not just have your script read the $ARGV[5] and send the results? I would also suggest building this as an alert action similar to splunk-add-on-jira-alerts which does things similarly. Also alert actions are first class citizens in Splunk.

gcusello · ‎11-15-2016

Thank you bmacias84,
I did something like you suggested:
in my script I take the tgz file containing results, I explode it and I send results in the 8th field.
Bye.
Giuseppe

Send trap NSMP to an external system

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout