Alerting

about sending alert

Shihab
New Member

Hello,

i am new to Splunk.I posted it before but didn't get a reply so posting again.

currently, I am trying to send one alert to a test website(located as localhost). The web is made by python and flask by the way.
is there any way I can do that with workflow?
if not then is there other ways?

can someone show me the steps?

thanks a lot

Labels (3)
0 Karma

Shihab
New Member

Hi @gcusello 

i wanted to send the alert information from the gmail to the website.

the alert information is already sent to gmail.so i wanted to fetch the gmail notification or the information of that email to the website 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Shihab,

you can enable more than one action when an alert is fired, an email to Gmail is the first, then you can enable a webhook to the other site.

As I said, the main problem isn't to send an alert to an external site, the main problem is the content of the message, as describer in the second part of my previous answer.

Ciao.

Giuseppe

0 Karma

Shihab
New Member

@gcusello The content is basically the list of the IP addresses.

i will follow the guidelines that you gave me

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Shihab,

You could use as alert action a Webhook (a generic HTTP POST to a an external url), as you can see at https://docs.splunk.com/Documentation/Splunk/8.1.3/Alert/Webhooks .

Otherwise you could create a script that make a call to your website (eventually using API if present).

Then you can use this script as action for your alert.

there's only one problem: what information you want to pass to your web site bcause Splunk alerts passes 8 information (title, search, etc...) but not the content of the search.

If you want to pass to the website also the results of the alert search, you have to create a workaround that I described in another question https://community.splunk.com/t5/Archive/How-send-splunk-alerts-to-netcool/m-p/494381

In few words,  in the 0 fields related to a fired alert you can find the url of a zipped files that contains the results of the search but you cannot send it to your website and you have to unzip it and add to one of the eight fields.

As I said you have to do this using a script in the language you like

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...