Solved: Use a Python module in a custom alert action

eden881 · ‎09-02-2019

I have a custom alert action that I wrote using the manual on the documentation:

https://docs.splunk.com/Documentation/Splunk/7.3.1/AdvancedDev/ModAlertsIntro

I need to import a Python module (boto3) into my action's script.

How can I do that?
Where and how do I install the module?

MuS · ‎09-02-2019

Hi eden881,

you can download the module directory or use a python egg of the module, place it in the bin directory of your app (assuming you created your alert action in a seperate app) and use import boto3 at top of your script. That should import the module if all module dependencies are fulfilled.

Hope this helps ...

cheers, MuS

View solution in original post

MuS · ‎09-02-2019

Hi eden881,

you can download the module directory or use a python egg of the module, place it in the bin directory of your app (assuming you created your alert action in a seperate app) and use import boto3 at top of your script. That should import the module if all module dependencies are fulfilled.

Hope this helps ...

cheers, MuS

eden881 · ‎09-03-2019

Thank you! It worked well.

Use a Python module in a custom alert action

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout