We are using a Perl script to create tickets when a given event meets a certain threshold. How can we include the results of the search in the ticket? This seems like it should be pretty easy, but darned if I can figure out how to get at that data. Otherwise, all we have is a ticket with a link to the search we have to click on to get at the information we seek.
I've found something interesting there...
The Splunk doc is really missing some examples...
From the link in my answer post:
$8 = path to a file where raw results of this search are located (as opposed to passing the actual results into the ticket--this could be a lot of data).
I use an email alert for grabbing the full search result to send to our ticketing system. Some of my alerts send the results as a PDF. This was simple and cleaner to interface with CA's service desk application.
I think you would have to cat $8, but I bet its format is not very pretty since it contains raw results.
$8 = File where the results for this search are stored (contains raw results)
Then it might be the way you are handling the variables. That example was Bash, so $1, $2, etc. are defined as positional parameters passed to the script. This would be represented differently in Perl. My Perl skills are not that great, but if I'm not mistaken they would be something like $ARGV, $ARGV, etc.
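Putting the thread's pointers together, as an added example that is not from any poster or from Splunk's documentation: a Perl alert script that reads the results file named by the eighth argument ($8 in the Bash example, `$ARGV[7]` in Perl because `@ARGV` is zero-indexed) and builds a bounded, sanitized excerpt for the ticket body. The limits, the function name `results_excerpt`, and the assumption that the file may be gzip-compressed are choices made for this example; submitting the ticket is left to your existing script.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Uncompress::AnyInflate qw($AnyInflateError);

# Assumed limits for this example; tune them for your ticketing system.
my $MAX_LINES = 50;
my $MAX_BYTES = 16 * 1024;

# Return a capped, cleaned excerpt of the raw results file for a ticket body.
sub results_excerpt {
    my ($path) = @_;
    return "(no results file argument was passed)\n"
        unless defined $path && length $path;
    return "(results file is missing or not a regular file)\n"
        unless -f $path;

    # AnyInflate reads gzip-compressed files and, in its default
    # transparent mode, uncompressed files as well.
    my $fh = IO::Uncompress::AnyInflate->new($path)
        or return "(cannot read results file: $AnyInflateError)\n";

    my ($out, $lines) = ('', 0);
    while (defined(my $line = $fh->getline)) {
        $line =~ s/\r?\n\z//;
        # Search results are untrusted input (they contain whatever was
        # logged), so drop control characters before they reach the ticket.
        $line =~ s/[^\x09\x20-\x7E\x80-\xFF]//g;

        # Stop before the ticket body grows past the limits.
        if (++$lines > $MAX_LINES
            || length($out) + length($line) + 1 > $MAX_BYTES) {
            $out .= "[truncated; open the search link for the full results]\n";
            last;
        }
        $out .= "$line\n";
    }
    $fh->close;
    return $out;
}

# Eighth positional argument from Splunk: path to the raw results file.
my $body = "Search results (excerpt):\n" . results_excerpt($ARGV[7]);

# Pass $body to your existing ticket-creation code; it is printed here
# so the example runs on its own.
print $body;
```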