Alerting

Splunk Alert Script on Windows

gdavid
Path Finder

I am trying to find info on how to write a custom alert script in Python on Windows.

Initially I thought I would write a custom email script to modify some fields and subject lines, etc., to create tickets via email.
Based on this script, I could later create a ticket directly with my ticketing platform.

I can't seem to find any info on the scripts and modules available to Splunk internally (ex: email). I see the SDKs for various languages, but these seem to be for use from outside Splunk. What if I want to leverage a script inside Splunk and just use the same modules? I know I could rip apart the current sendemail.py; it just seems like this might be documented already somewhere.

Also, there is no clear indication for me on how to get the results of a search alert into my script.
There is an article here on how to do this, but it does not seem to be for Windows:
http://www.seanelavelle.com/2012/04/11/scripting-splunk-alerts-with-python/

Thanks

gd


MartinMcNutt
Communicator

I am currently trying to do the same but with PowerShell. I want to execute a script to update a user's attribute if a value/alert is triggered.

I found this document which I have been using to start working on it.

ConfiguringScriptedAlerts

gdavid
Path Finder

Right, I saw that page, but it still leaves me with a ton of questions. So in order to use Python, they have this block:

To use Python to interpret the script file:

    ---- myscript.py -----
    #!/path/to/python
    .....
    .....

Does this mean that I need to install my own version of Python, or is there a way to point it to the version installed with Splunk?

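As an added example (not gdavid's code and not Splunk's own sendemail.py) of how the results reach a scripted alert: Splunk invokes the script with positional arguments, and argv[8] is the path to a gzipped CSV file holding the search results, so the script only needs to parse that file and the arguments. The saved-search name, query, host names and URL below are constructed for the example, and the script is assumed to be saved under $SPLUNK_HOME/bin/scripts.

```python
#!/path/to/python
# Added example, not from the thread: a scripted-alert handler that reads the
# arguments and results file Splunk passes and turns them into ticket fields.
import csv
import gzip
import sys
import tempfile

# Positions of the arguments Splunk passes to a legacy scripted alert:
# argv[1] event count, [2] search terms, [3] full query, [4] saved search name,
# [5] trigger reason, [6] link to results, [7] unused, [8] gzipped CSV results.
ARG_COUNT, ARG_TERMS, ARG_QUERY, ARG_NAME = 1, 2, 3, 4
ARG_REASON, ARG_URL, ARG_RESULTS = 5, 6, 8

# Constructed sample arguments and rows; search name, query and hosts are made up.
SAMPLE_ARGV = ["myscript.py", "2", "EventCode=4625",
               "search index=wineventlog EventCode=4625 | stats count by host",
               "Failed logons", "Saved Search [Failed logons] number of events(2)",
               "https://splunk.example.invalid/app/search/alert", "", "results.csv.gz"]
SAMPLE_ROWS = [{"host": "ws01", "count": "5"}, {"host": "dc01", "count": "1"}]

def read_results(path):
    """Read the gzipped CSV results file handed to the script as argv[8]."""
    with gzip.open(path, "rt", encoding="utf-8", newline="") as fh:
        return list(csv.DictReader(fh))

def build_ticket(argv, rows):
    """Build the subject and body a ticketing system (or email) would receive."""
    if len(argv) < 9:
        raise ValueError("expected 9 arguments from Splunk, got %d" % len(argv))
    hosts = sorted({r["host"] for r in rows if r.get("host")})
    subject = "[Splunk] %s: %s event(s) on %s" % (
        argv[ARG_NAME], argv[ARG_COUNT], ", ".join(hosts) or "unknown host")
    body = "Trigger reason: %s\nQuery: %s\nResults: %s\n" % (
        argv[ARG_REASON], argv[ARG_QUERY], argv[ARG_URL])
    return {"subject": subject, "body": body, "host_count": str(len(hosts))}

def demo():
    """Write SAMPLE_ROWS as Splunk would, then run the handler over that file."""
    path = tempfile.mkdtemp() + "/results.csv.gz"
    with gzip.open(path, "wt", encoding="utf-8", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=["host", "count"])
        writer.writeheader()
        writer.writerows(SAMPLE_ROWS)
    return build_ticket(SAMPLE_ARGV[:ARG_RESULTS] + [path], read_results(path))

if __name__ == "__main__":  # invoked by Splunk: sys.argv holds the real arguments
    ticket = build_ticket(sys.argv, read_results(sys.argv[ARG_RESULTS]))
    sys.stdout.write(ticket["subject"] + "\n" + ticket["body"])
```

Handing the returned fields to SMTP or a ticketing API is the part sendemail.py already does; the script above stops at building them.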