Solved: Splunk Alerting : How to pass arguments/filename t...

koshyk · ‎05-15-2014

Hi
I have savedSearch which should alert every 1 min. The searchname is "myApp_Alert_1m" and the file produced is "myApp_Alert_1m.csv". My Script is kept in $SPLUNK_HOME/bin/scripts/myAlert.py
So my SavedSearch outputs this file

 .. | outputcsv myApp_Alert_1m

How can I pass this filename as a parameter into "myAlert.py"?

( I tried putting into Enable Script where it shows "File name of shell script to run" with option, but not getting any output. )

koshyk · ‎05-15-2014

Found a way.
As per Documentation there are 8 arguments and "SPLUNK_ARG_4" is the "Name of report".
So the trick is to make outputcsv filename exactly same name as the Report/SavedSearch (and append by .csv etc..)
Then we can code within the script.

Within the script it would be:

CSV_FILE_IN                =    sys.argv[4] + '.csv'
COUNT_ALERTS               =    sys.argv[1]

View solution in original post

koshyk · ‎05-15-2014

Found a way.
As per Documentation there are 8 arguments and "SPLUNK_ARG_4" is the "Name of report".
So the trick is to make outputcsv filename exactly same name as the Report/SavedSearch (and append by .csv etc..)
Then we can code within the script.

Within the script it would be:

CSV_FILE_IN                =    sys.argv[4] + '.csv'
COUNT_ALERTS               =    sys.argv[1]

patelmc · ‎02-07-2021

How can we use this variable SPLUNK_ARG_4 inside bash shell?

Is it possible to pass this variable as $i with the script?

Splunk Alerting : How to pass arguments/filename to your script?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?

Splunk Alerting : How to pass arguments/filename to your script?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability