Hello,
I am using Splunk 6.5.1 and I am working with alert trigger actions that run scripts. The documentation here states that this functionality has been officially deprecated. Does this mean that I should stop using it because it will disappear from the platform altogether?
Regards,
Andrew
Splunk defines deprecation here: https://docs.splunk.com/Documentation/Splunk/6.5.2/ReleaseNotes/Deprecatedfeatures
What does "deprecated" mean?
Deprecated features and platforms continue to work and Splunk supports them until support is removed. However, customers should begin to plan now for the future removal of support.
You're unlikely to get an official forward-looking statement as to when or even if a deprecated feature will be removed.
Personally, I doubt the run a script alert action is going to be removed any time soon because many legacy apps still use it. I'd recommend any newly built feature should use the custom alert action framework, and any existing feature should be migrated when there's a good opportunity for it.
Splunk defines deprecation here: https://docs.splunk.com/Documentation/Splunk/6.5.2/ReleaseNotes/Deprecatedfeatures
What does "deprecated" mean?
Deprecated features and platforms continue to work and Splunk supports them until support is removed. However, customers should begin to plan now for the future removal of support.
You're unlikely to get an official forward-looking statement as to when or even if a deprecated feature will be removed.
Personally, I doubt the run a script alert action is going to be removed any time soon because many legacy apps still use it. I'd recommend any newly built feature should use the custom alert action framework, and any existing feature should be migrated when there's a good opportunity for it.
This should have all you need: http://docs.splunk.com/Documentation/Splunk/6.5.2/AdvancedDev/ModAlertsIntro
Thanks Martin,
i was going over the youtube video, and its not dumb down enough or easy to follow.
we create an app, but how can i enable my search string to be able to be available now in this new APP on the alert, and the structure. it seems to have made it a bit more complicated to use that the way it was working before. and is it limited to python only? cant use bash anymore?
is there any way i can still use the old way, that seems to much easier than this new way. it seems like overkill to a simple script call i want to do.
appreciate the quick response and assistance so far. 😃
Hi Martin,
Could you please create an app and share the configuration which has the same option like Run the script(We can input the script name to be invoked as an alert action) so that we wont get the warnings as deprecated.
Thanks Martin, perfect response.
Side question: do you know of any step-by-step tutorials on how to configure the new custom alert actions in the same way the "Run a script" feature works?
Regards,
Andrew