How to grab data from a the search result for an A...

Athildjax64 · ‎04-18-2018

I have a job that is set to run off of every alert. I have a python script executing that is showing Exit Code 0. The script is designed to grab a specific field from the alert and pass it along with an API call to a web server.

I am not seeing any errors other than it does not seem to be grabbing the file information from the search results.

Any help here would be great

somesoni2 · ‎04-18-2018

Splunk passed 8 arguments to alert script, 8th one is the full path to the compressed result file of the search. How is your python script grabbing the specific fields?

https://docs.splunk.com/Documentation/Splunk/7.0.3/Alert/Configuringscriptedalerts#Access_arguments_...

Athildjax64 · ‎04-18-2018

This is not a run a script function, but a modular alert so it is part of an app.
in the alert_actions.conf file I have tried calling a $result.$ to add it as an argument, creating a param.message using the same filed and calling that from in the script.
None work.

How to grab data from a the search result for an API call script?

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar

Are you a member of the Splunk Community?

How to grab data from a the search result for an API call script?

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar