Currently I am creating a Custom Alert action script as per the documentation http://docs.splunk.com/Documentation/Splunk/6.5.2/AdvancedDev/CustomAlertScript but I would like to create a shell script instead of a Python script.
In the shell script, to fetch the payload I am using read sessionKey. Is this the correct way? Or do I need to use some other code to fetch the payload value in a shell script?
You'll need to read in the arguments via stdin.
Please see this link for just about everything you need and let us know if you get stuck:
The downside to using a bash script as an alert action is that you only get those 7 arguments. To read the results you have to read & manipulate the data file whose path is provided by the 8th argument.
Currently in my script I am using SPLUNKARG1 ... 8, and I am using that script in the "run a script alert action" & it is working fine, but the feature is deprecated now.
So I have a new script based on "Custom Alert Action", but I can use only read sessionKey as STDIN in the shell script.
I am getting Payload via this script
#!/bin/bash
if [[ "$1" == "--execute" ]]; then
    read sessionKey
    echo $sessionKey > /tmp/payload_output.txt
fi
But if I use other variables in the script, those are not working/no output.
#!/bin/bash
if [[ "$1" == "--execute" ]]; then
    read SPLUNK_ARG_0
    echo $SPLUNK_ARG_0 > /tmp/payload_output.txt
    echo $SPLUNK_ARG_1 >> /tmp/payload_output.txt
fi
So my question is
I am using read sessionKey in the first script and I am getting the payload value, so is this the correct method to fetch the payload value in a Custom Alert Action script?
Are you looking for the search results?
If so there will be a file on a path specified by argument 8. You must use your script to read this file and use it as the payload.
Ok I understand your question now. Yes you are doing it correctly except I wouldn't call the payload sessionKey I would call it payload:
Perfect. Working fine, thanks. I am not able to convert your last comment to an Answer, so I am accepting the first answer as the Answer.
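
The pattern discussed in this thread, as an added example that is not part of the original posts or of Splunk's own code: it reads the whole stdin payload on `--execute` (plain `read` stops at the first newline and interprets backslashes) and keeps only a redacted debug copy in an owner-only file rather than in `/tmp`. Assumptions: the payload is JSON or XML and carries the credential in a field named `session_key`; the function names and the debug directory are hypothetical.

```bash
#!/bin/bash
# Added example. Assumed: payload field "session_key" (JSON) or <session_key> (XML).

# Replace the session key value with a marker so debug copies hold no credential.
redact_payload() {
    sed -E \
        -e 's/("session_key"[[:space:]]*:[[:space:]]*")[^"]*"/\1REDACTED"/g' \
        -e 's#(<session_key>)[^<]*(</session_key>)#\1REDACTED\2#g'
}

# Read the complete payload from stdin and store a redacted copy in a private
# file under directory $1. Prints the path of the file that was written.
save_payload() {
    local dir="$1" payload out
    payload=$(cat)                      # all of stdin, not just the first line
    (
        umask 077                       # new directory 0700, new file 0600
        mkdir -p "$dir"
        out=$(mktemp "$dir/payload.XXXXXX")
        printf '%s\n' "$payload" | redact_payload > "$out"
        printf '%s\n' "$out"
    )
}

# Splunk invokes a custom alert action script with --execute and the payload on stdin.
if [[ "${1:-}" == "--execute" ]]; then
    # Hypothetical debug location; choose a directory only the Splunk user can read.
    save_payload "${SPLUNK_HOME:-/opt/splunk}/var/run/alert_debug" > /dev/null
fi
```
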