Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can we create a form in Splunk to add events?

bud9
New Member
‎01-11-2019 02:07 AM

I have the following job run details getting indexed:

JobName  JobStartTime    JobEndTime      JobStatus
APM1234, 01/11/19 09:00, 01/11/19 09:30, COMPLETE
APM1235, 01/11/19 09:05, 01/11/19 09:35, FAILED
APM1236, 01/11/19 09:10, 01/11/19 09:40, RUNNING
APM1237, 01/11/19 09:15, 01/11/19 09:45, RUNNING

I wanted to create a form for the user that shows up FAILED jobs in last 24 hours and they should be able to add an event when a job was force completed. Eg. Suppose if the user marks the job APM1235 as force completed, the following event should be added:

JobName  JobStartTime    JobEndTime      JobStatus
APM1235, 01/11/19 09:05, 01/11/19 09:35, FORCE-COMPLETED

This is possible in Splunk? Any help is appreciated. Thank you so much!

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎01-12-2019 03:36 PM

Yes, there are many ways to build this in Splunk.

One would be to have your form run a tiny bit of JavaScript that runs a search like this: | makeresults | sendalert logevent param.event="Hello World!" [obviously with more stuff configured for the sendalert command...].

Another would be to have your form run a tiny bit of JavaScript that calls this REST endpoint: https://docs.splunk.com/Documentation/Splunk/7.2.3/RESTREF/RESTinput#receivers.2Fsimple

And yet another would be to have your form run a tiny bit of JavaScript that sends events to a HEC receiver: https://docs.splunk.com/Documentation/Splunk/7.2.3/Data/UsetheHTTPEventCollector

I'm sure there are more options.

Reply

sdchakraborty
Contributor
‎01-12-2019 07:42 AM

May be you can create a custom command which will do the indexing using "data/inputs/oneshot
" endpoint. When user make the job force-completed from UI you can call the custom command.

Please refer the below link for end point details.

https://docs.splunk.com/Documentation/Splunk/7.2.3/RESTREF/RESTinput

Sid

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...