Alerting

about sending alert

Shihab
New Member

Hello,

I am new to Splunk. I posted it before but didn't get a reply, so I am posting again.

Currently, I am trying to send one alert to a test website (located at localhost). The website is made with Python and Flask, by the way.
Is there any way I can do that with a workflow?
If not, are there other ways?

Can someone show me the steps?

Thanks a lot.

0 Karma

Shihab
New Member

Hi @gcusello 

I wanted to send the alert information from Gmail to the website.

The alert information is already sent to Gmail, so I wanted to fetch the Gmail notification or the information of that email to the website.

0 Karma

gcusello
Esteemed Legend

Hi @Shihab,

You can enable more than one action when an alert is fired: an email to Gmail is the first, then you can enable a webhook to the other site.

As I said, the main problem isn't to send an alert to an external site; the main problem is the content of the message, as described in the second part of my previous answer.

Ciao.

Giuseppe

0 Karma

Shihab
New Member

@gcusello The content is basically the list of the IP addresses.

I will follow the guidelines that you gave me.

0 Karma

gcusello
Esteemed Legend

Hi @Shihab,

You could use a Webhook as alert action (a generic HTTP POST to an external URL), as you can see at https://docs.splunk.com/Documentation/Splunk/8.1.3/Alert/Webhooks .

Otherwise you could create a script that makes a call to your website (eventually using an API if present).

Then you can use this script as action for your alert.

There's only one problem: what information you want to pass to your website, because Splunk alerts pass 8 pieces of information (title, search, etc.) but not the content of the search.

If you want to pass to the website also the results of the alert search, you have to create a workaround that I described in another question: https://community.splunk.com/t5/Archive/How-send-splunk-alerts-to-netcool/m-p/494381

In a few words, in the 0 fields related to a fired alert you can find the URL of a zipped file that contains the results of the search, but you cannot send it to your website and you have to unzip it and add it to one of the eight fields.

As I said, you have to do this using a script in the language you like.

Ciao.

Giuseppe

0 Karma
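The script approach from the answer above, sketched as an added example (not code from any poster in this thread or from Splunk): it unzips the results file, keeps only values that parse as IP addresses, and POSTs them as JSON to the local site. Assumptions: the script runs as a Splunk scripted alert action with the report name in argument 4 and the gzipped results path in argument 8; the `/alert` route, the `src_ip` column name and the 500-address cap are hypothetical.

```python
import csv, gzip, ipaddress, json, sys, tempfile, urllib.request

ENDPOINT = "http://127.0.0.1:5000/alert"  # assumed route on the local Flask test site
IP_FIELD = "src_ip"                        # assumed name of the result column holding the IPs
MAX_IPS = 500                              # cap so a noisy search cannot produce an oversized POST


def load_ips(results_gz, field=IP_FIELD, limit=MAX_IPS):
    """Read the gzipped CSV of search results; return unique, valid IPs in first-seen order."""
    seen = []
    with gzip.open(results_gz, "rt", newline="", encoding="utf-8") as fh:
        for row in csv.DictReader(fh):
            try:
                ip = str(ipaddress.ip_address((row.get(field) or "").strip()))
            except ValueError:
                continue  # skip blanks and anything that is not an IP literal
            if ip not in seen:
                seen.append(ip)
            if len(seen) >= limit:
                break
    return seen


def build_payload(search_name, ips):
    """JSON body for the website: the alert name plus the validated IP list."""
    return json.dumps({"search_name": search_name, "ips": ips}).encode("utf-8")


def post_alert(body, url=ENDPOINT):
    """POST the JSON body; the timeout keeps a hung site from blocking the alert script."""
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def write_sample(path):
    """Constructed sample results (documentation-range addresses), gzipped like a results file."""
    rows = "src_ip,count\n203.0.113.7,4\nnot-an-ip,1\n198.51.100.23,2\n203.0.113.7,9\n"
    with gzip.open(path, "wt", encoding="utf-8") as fh:
        fh.write(rows)


if __name__ == "__main__":
    if len(sys.argv) >= 9:            # run by Splunk: argv[4] = report name, argv[8] = results file
        post_alert(build_payload(sys.argv[4], load_ips(sys.argv[8])))
    else:                             # run by hand: show the payload for the constructed sample
        with tempfile.NamedTemporaryFile(suffix=".csv.gz") as tmp:
            write_sample(tmp.name)
            print(build_payload("demo alert", load_ips(tmp.name)).decode())
```

On the receiving side, the Flask route should parse the body as JSON and re-validate each address before storing or displaying it, since anything able to reach the port can POST to it.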