Alerting

about sending alert

Shihab
New Member

Hello,

i am new to Splunk.I posted it before but didn't get a reply so posting again.

currently, I am trying to send one alert to a test website(located as localhost). The web is made by python and flask by the way.
is there any way I can do that with workflow?
if not then is there other ways?

can someone show me the steps?

thanks a lot

Labels (3)
0 Karma

Shihab
New Member

Hi @gcusello 

i wanted to send the alert information from the gmail to the website.

the alert information is already sent to gmail.so i wanted to fetch the gmail notification or the information of that email to the website 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Shihab,

you can enable more than one action when an alert is fired, an email to Gmail is the first, then you can enable a webhook to the other site.

As I said, the main problem isn't to send an alert to an external site, the main problem is the content of the message, as describer in the second part of my previous answer.

Ciao.

Giuseppe

0 Karma

Shihab
New Member

@gcusello The content is basically the list of the IP addresses.

i will follow the guidelines that you gave me

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Shihab,

You could use as alert action a Webhook (a generic HTTP POST to a an external url), as you can see at https://docs.splunk.com/Documentation/Splunk/8.1.3/Alert/Webhooks .

Otherwise you could create a script that make a call to your website (eventually using API if present).

Then you can use this script as action for your alert.

there's only one problem: what information you want to pass to your web site bcause Splunk alerts passes 8 information (title, search, etc...) but not the content of the search.

If you want to pass to the website also the results of the alert search, you have to create a workaround that I described in another question https://community.splunk.com/t5/Archive/How-send-splunk-alerts-to-netcool/m-p/494381

In few words,  in the 0 fields related to a fired alert you can find the url of a zipped files that contains the results of the search but you cannot send it to your website and you have to unzip it and add to one of the eight fields.

As I said you have to do this using a script in the language you like

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...