Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

how to include search results in python custom alert script

pranay_adla
New Member
โ€Ž07-29-2019 06:23 AM

have a custom alert action scripts which have UI. If I give a fieldname in UI that needs to get value from search result and append to sid. How can I use $results.fieldnme$ or any other solution for this.

0 Karma
Reply

jaime_ramirez
Communicator
โ€Ž07-29-2019 02:57 PM

For Custom Alert Actions tokens you could use this guide:

https://docs.splunk.com/Documentation/Splunk/7.3.0/AdvancedDev/ModAlertsLog#Pass_search_result_value...
https://docs.splunk.com/Documentation/Splunk/7.3.0/Alert/EmailNotificationTokens#Search_metadata_tok...

So in your case if you want to pass some field results (lets name it ResultsToPass) and also the sid of the search, you could put it like this in the UI:

Results: $results.Results_To_Pass$
Search Job: $job.sid$

Then the python script would parse this and perform its particular function.

If you could provide more info it would be great.

Hope it helps.

0 Karma
Reply