I have a job that is set to run off of every alert. I have a Python script executing that is showing Exit Code 0. The script is designed to grab a specific field from the alert and pass it along with an API call to a web server.
I am not seeing any errors other than it does not seem to be grabbing the file information from the search results.
Any help here would be great.
Splunk passed 8 arguments to the alert script; the 8th one is the full path to the compressed result file of the search. How is your Python script grabbing the specific fields?
This is not a "run a script" function but a modular alert, so it is part of an app.
In the alert_actions.conf file I have tried calling a $result.$ to add it as an argument, and creating a param.message using the same field and calling that from in the script.
None work.
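
For the modular alert case discussed in this thread, Splunk runs the action script with `--execute` and writes the alert payload to the script's stdin instead of passing the eight positional arguments. The following is an added example, not code from any poster in this thread, that reads that payload and fails loudly when the field is missing; it assumes the action's stanza in alert_actions.conf sets `payload_format = json`, and the field name `src_ip` and the sample payload are constructed for illustration.

```python
import csv, gzip, json, sys

FIELD = "src_ip"  # hypothetical field name; use the one your search returns

# Constructed sample of the JSON payload a modular alert receives on stdin.
SAMPLE = json.dumps({
    "search_name": "Constructed alert",
    "results_file": None,
    "configuration": {"message": "blocked host"},  # value of param.message
    "result": {"src_ip": "192.0.2.10", "count": "3"},
})

def first_row(path):
    """Fallback: first row of the gzipped CSV results file."""
    with gzip.open(path, "rt", newline="") as fh:
        return next(csv.DictReader(fh), {})

def extract_field(payload, field):
    """Return `field` from the triggering result, or None if absent."""
    result = payload.get("result") or {}
    if field not in result and payload.get("results_file"):
        result = first_row(payload["results_file"])
    return result.get(field)

def build_request(payload, field):
    """Assemble the body for the outbound API call (sending is omitted)."""
    value = extract_field(payload, field)
    if value is None:
        raise KeyError(f"field {field!r} missing from alert result")
    return {"search": payload.get("search_name"),
            "message": payload.get("configuration", {}).get("message"),
            field: value}

def main(argv, stdin):
    if len(argv) < 2 or argv[1] != "--execute":
        sys.stderr.write("FATAL unsupported execution mode\n")
        return 1
    try:
        body = build_request(json.load(stdin), FIELD)
    except (ValueError, KeyError) as exc:
        # Exit non-zero so a missing field is not reported as Exit Code 0.
        sys.stderr.write(f"ERROR {exc}\n")
        return 2
    sys.stderr.write(f"INFO request body: {json.dumps(body)}\n")
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv, sys.stdin))
```

Dumping stdin to a file once from the real alert shows exactly which keys your Splunk version puts in the payload.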