Re: How to grab data from a the search result for ...

Athildjax64 · ‎04-18-2018

I have a job that is set to run off of every alert. I have a python script executing that is showing Exit Code 0. The script is designed to grab a specific field from the alert and pass it along with an API call to a web server.

I am not seeing any errors other than it does not seem to be grabbing the file information from the search results.

Any help here would be great

somesoni2 · ‎04-18-2018

Splunk passed 8 arguments to alert script, 8th one is the full path to the compressed result file of the search. How is your python script grabbing the specific fields?

https://docs.splunk.com/Documentation/Splunk/7.0.3/Alert/Configuringscriptedalerts#Access_arguments_...

Athildjax64 · ‎04-18-2018

This is not a run a script function, but a modular alert so it is part of an app.
in the alert_actions.conf file I have tried calling a $result.$ to add it as an argument, creating a param.message using the same filed and calling that from in the script.
None work.

How to grab data from a the search result for an API call script?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation