Will the "Run a script" trigger action for alerts disappear now that it is deprecated?

andrewtrobec
Motivator

Hello,

I am using Splunk 6.5.1 and I am working with alert trigger actions that run scripts. The documentation here states that this functionality has been officially deprecated. Does this mean that I should stop using it because it will disappear from the platform altogether?

Regards,

Andrew

0 Karma
1 Solution

martin_mueller
SplunkTrust

Splunk defines deprecation here: https://docs.splunk.com/Documentation/Splunk/6.5.2/ReleaseNotes/Deprecatedfeatures

What does "deprecated" mean?

Deprecated features and platforms continue to work and Splunk supports them until support is removed. However, customers should begin to plan now for the future removal of support.

You're unlikely to get an official forward-looking statement as to when or even if a deprecated feature will be removed.
Personally, I doubt the run a script alert action is going to be removed any time soon because many legacy apps still use it. I'd recommend any newly built feature should use the custom alert action framework, and any existing feature should be migrated when there's a good opportunity for it.


thaghost99
Path Finder

Thanks Martin,

I was going over the YouTube video, and it's not dumbed down enough or easy to follow.

We create an app, but how can I enable my search string to be able to be available now in this new app on the alert, and the structure? It seems to have made it a bit more complicated to use than the way it was working before. And is it limited to Python only? Can't use bash anymore?

Is there any way I can still use the old way? That seems so much easier than this new way. It seems like overkill for a simple script call I want to do.

Appreciate the quick response and assistance so far. 😃

0 Karma

rajagurup
New Member

Hi Martin,

Could you please create an app and share the configuration which has the same option as "Run the script" (we can input the script name to be invoked as an alert action), so that we won't get the warnings as deprecated?

0 Karma

andrewtrobec
Motivator

Thanks Martin, perfect response.

Side question: do you know of any step-by-step tutorials on how to configure the new custom alert actions in the same way the "Run a script" feature works?

Regards,

Andrew

0 Karma
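
As an added example (not code from this thread or from Splunk), here is a sketch of the script side of a custom alert action, the framework recommended in the accepted answer, that does what "Run a script" did: it reads the JSON payload Splunk passes on stdin with `--execute` and runs a named handler script, refusing any name that resolves outside one fixed directory. It assumes the action is declared with `payload_format = json`; the parameter name `handler` and the `handlers` directory are hypothetical.

```python
import json
import os
import subprocess
import sys

# Assumption: handler scripts live in a "handlers" directory beside this file.
HANDLER_DIR = os.path.join(os.path.dirname(os.path.abspath(__file__)), "handlers")


def resolve_handler(name, handler_dir=HANDLER_DIR):
    """Return the absolute path of a handler, refusing anything outside handler_dir."""
    # Only a bare file name is accepted: no separators, no "..", no dotfiles.
    if not name or os.path.basename(name) != name or name.startswith("."):
        raise ValueError("handler must be a plain file name: %r" % name)
    base = os.path.realpath(handler_dir)
    path = os.path.realpath(os.path.join(base, name))
    # realpath() follows symlinks, so a link pointing elsewhere is rejected too.
    if os.path.dirname(path) != base or not os.path.isfile(path):
        raise ValueError("handler not found in %s: %r" % (base, name))
    return path


def build_command(payload, handler_dir=HANDLER_DIR):
    """Turn the alert payload into an argv list (never a shell string)."""
    config = payload.get("configuration", {})  # the action's param.* settings
    handler = resolve_handler(config.get("handler", ""), handler_dir)
    # Search-controlled values are passed as separate arguments, not interpolated.
    return [handler, payload.get("search_name", ""), payload.get("results_file", "")]


def main(argv, stdin):
    if len(argv) < 2 or argv[1] != "--execute":
        sys.stderr.write("FATAL unsupported mode (expected --execute)\n")
        return 1
    try:
        command = build_command(json.load(stdin))
    except ValueError as err:  # also covers malformed JSON
        sys.stderr.write("ERROR %s\n" % err)
        return 2
    return subprocess.call(command, shell=False)


if __name__ == "__main__":
    sys.exit(main(sys.argv, sys.stdin))
```

The handler itself can be a bash script or any other executable file; only this dispatcher is written in Python.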