How to send triggered alerts from Splunk App for Unix and Linux to Omnibus tool?

bkondakindi
Path Finder

We have set up the Splunk App for Unix and Linux and we are getting all alerts on the dashboard from all configured hosts.

I have to send these triggered alerts to the Omnibus tool. Any idea how we can do it from the Splunk side?

0 Karma

jbrodsky_splunk
Splunk Employee

There are many ways to send alerts from Splunk and have OMNIbus create events. One of the simplest ways would be to have Splunk write alert data via a standard alert action, line by line, into a flat file. Then use an OMNIbus flatfile gateway to read that file, take the contents, and create events in the Objectserver.

The flatfile gateway is lightweight enough that it can sit on a Splunk search head without creating too much overhead.

This has the advantage of using many capabilities native to OMNIbus, such as reliable delivery and store and forward.

Other ways of getting alert data could be using a command line like "logger" to log syslog containing Splunk alert data, and then use an OMNIbus syslog probe to pull data in. Or traps, and use an OMNIbus SNMP probe. Or use Splunk's DB Connect app to write results of searches to a database table, and have an OMNIbus database gateway bring the data into the Objectserver. Or have an alert action send to a socket and use an OMNIbus socket probe.

As you can see, there are many ways to do this. If you are going to do much with alert actions, I highly recommend Ron Naken's "Red Alert" app - it's like legos for Splunk alerting!

0 Karma

jbrodsky_splunk
Splunk Employee

There is not going to be a step-by-step walkthrough of how to do this - it is not "out of the box." I suggest you approach this in stages. First modify one of the alerts to echo data out to a flat file - read about alerting in the Alert Manual, especially the section on "Run a Script." Once you have the alert data written out to a flat file, install an OMNIbus flatfile gateway on your Splunk search head, and have it parse the resulting flat file as input. Create your OMNIbus rules file to suit. By the way, googling "Splunk Alerts" produces very relevant reading material in the first 3 links.

0 Karma
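One way to implement the first stage of the flat-file approach described in both answers above, as an added example that is not part of the original thread, of the Splunk App for Unix and Linux, or of OMNIbus: a "Run a Script" alert action that appends one delimited record per alert to a flat file for the OMNIbus flatfile gateway to read. The positional arguments are the ones Splunk passes to legacy scripted alerts; the output path, the record layout, and the severity mapping are assumptions that the gateway's rules file would have to match.

```shell
#!/bin/sh
# Hypothetical Splunk "Run a Script" alert action (would live under
# $SPLUNK_HOME/bin/scripts). Splunk's legacy scripted-alert arguments are
# positional: $1 event count, $2 search terms, $3 full query string,
# $4 saved-search name, $5 trigger reason, $6 URL to the results,
# $8 path to the gzipped CSV of results. Only $1, $4, $5 and $6 are used here.

# Assumed output file; the OMNIbus flatfile gateway would tail this path.
ALERT_FILE="${SPLUNK_OMNIBUS_ALERT_FILE:-/var/tmp/splunk_omnibus_alerts.log}"

# Keep each alert on one '|'-delimited line: strip the delimiter and newlines
# from free-text fields so a crafted search name cannot split or forge a record.
sanitize() {
  printf '%s' "$1" | tr '\n\r|' '   '
}

# Record layout (assumed): timestamp|severity|node|search|count|reason|url
# Severity mapping is an assumption: "critical" in the name -> 5, "warn" -> 3, else 2.
format_alert_record() {
  count="$1"; search_name="$2"; reason="$3"; url="$4"; ts="$5"
  sev=2
  case "$(printf '%s' "$search_name" | tr 'A-Z' 'a-z')" in
    *critical*) sev=5 ;;
    *warn*)     sev=3 ;;
  esac
  node="${HOSTNAME:-$(uname -n)}"
  printf '%s|%s|%s|%s|%s|%s|%s\n' "$ts" "$sev" "$node" \
    "$(sanitize "$search_name")" "$count" "$(sanitize "$reason")" "$(sanitize "$url")"
}

# Append a record to the gateway's input file, created owner-only so other
# local users cannot read alert contents or inject events into OMNIbus.
append_alert_record() {
  outfile="$1"; shift
  umask 077
  format_alert_record "$@" >> "$outfile"
}

# Run the alert path only when Splunk invoked us with its argument set.
if [ "$#" -ge 6 ]; then
  append_alert_record "$ALERT_FILE" "$1" "$4" "$5" "$6" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
fi
```

The second stage, the gateway's own field mapping into Objectserver columns, is OMNIbus configuration and is not shown here.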

bkondakindi
Path Finder

Splunk Team, thanks for the quick update.

Can you please specify the steps? I have alerts on the Splunk App for Solaris and Linux; how do I get those alerts into my Omnibus tool? Please specify the steps.

0 Karma