Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

cutom alert action python script

pipipipi
Path Finder
‎02-12-2020 12:55 AM

Hi all. I am struggling where should I check.

I want to make splunk user automatically.
so, I made this script.

test.py

import sys
import os
import request
import json

def test():

data = { 'name':'username', 'password':'password', 'roles':'user'}


response = request.post('https://mng_uri:8089/services/authentication/users', data=data, auth=('admin','passme'))


id __name__ == "__main__":
 test()

I can execute this scripts python test.py in my /home directory,

and I can create user.

so I made custom alert action.

I made an alert and select this custom action, but I can not create user.

I have no idea because there are no error in internal log(splunkd.log).

where should I check???

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎02-12-2020 06:49 PM

Add exception handling in your script and check if any error occurring in the splunkd logs.

 import sys
 import os
 import requests
 import json

 def test():
    data = { 'name':'username', 'password':'password', 'roles':'user'}
    response = requests.post('https://mng_uri:8089/services/authentication/users', data=data, auth=('admin','passme'))
    response.raise_for_status()

 if __name__ == "__main__":
    try:
        test()
    except Exception as e:
        print >> sys.stderr, "ERROR Unexpected error: %s" % e
        sys.exit(1)

View solution in original post

Reply
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎02-12-2020 06:49 PM

Add exception handling in your script and check if any error occurring in the splunkd logs.

 import sys
 import os
 import requests
 import json

 def test():
    data = { 'name':'username', 'password':'password', 'roles':'user'}
    response = requests.post('https://mng_uri:8089/services/authentication/users', data=data, auth=('admin','passme'))
    response.raise_for_status()

 if __name__ == "__main__":
    try:
        test()
    except Exception as e:
        print >> sys.stderr, "ERROR Unexpected error: %s" % e
        sys.exit(1)
Reply
Solved! Jump to solution

harsmarvania57
Ultra Champion
‎02-12-2020 02:13 AM

Search logs in splunkd.log for your alert action, you can use below query.

index=_internal sourcetype=splunkd component=sendmodalert
0 Karma
Reply
Solved! Jump to solution

pipipipi
Path Finder
‎02-12-2020 05:14 PM

Thank you. but exit code =0.
I can not understand def process_event(helper, *args, **kwargs):and return0

0 Karma
Reply
Solved! Jump to solution

manjunathmeti
Champion
‎02-12-2020 01:20 AM

Please share configurations created for custom alert action.

0 Karma
Reply
Solved! Jump to solution

pipipipi
Path Finder
‎02-12-2020 01:24 AM

Thank you for helping me. I use add-on builder. so I did not edit conf files.

0 Karma
Reply
Solved! Jump to solution

manjunathmeti
Champion
‎02-12-2020 02:16 AM

You are importing request, it should be requests.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...