Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

send Splunk Events to another Software/msend/BMC Event Manager

siegema1
New Member
‎03-27-2014 05:41 AM

Dear all,
I'm wondering if someone of you did already send Splunk Events via msend to BMC Event Manager and how you can do it?
If not, can you tell me if there is a easy way to take somehow the different fields of a Splunk event and handle it with a script outside where you can send the different variables/values?
We have the tool msend where you can send events with for example

msend -q -n emh1 -r [SEVERITY] -a YOURCLASS -b "mc_host=[SPLUNKEVENTPART1];mc_host_address=[SPLUNKEVENTPART2];mc_host_class=[SPLUNKEVENTPART3];mc_object_class=[SPLUNKEVENTPART4];mc_object=[SPLUNKEVENTPART5];msg=[SPLUNKEVENTPART5]"

Those fields/value SPLUNKEVENTPARTx I should become out from Splunk.
Appreciate your help.

Cheers
Markus

Tags (3)
0 Karma
Reply

siegema1
New Member
‎03-27-2014 06:19 AM

Thanks a lot for your help.
I'm not yet that familar with splunk but will try that.
To create a App for that I think I'm many miles away from it 🙂

0 Karma
Reply

reed_kelly
Contributor
‎03-27-2014 06:08 AM

Create an alert script in $SPLUNK_HOME/bin/scripts/call_bmc.py or any other scripting language that you are familiar with. When you alert on a rule, have it execute the script (just call_bmc.py or whatever you call it). The 8th parameter passed to the script will be a file containing the results of the search. You can open and read this file from the script.

See: Configuring Alerts for information about how the script is initiated.

I would create search macros that add columns or rows to your search that could give instructions to the script. You may also want to make the script intelligent with a config file and some kind of alerting language (extra credit). If it's good, post it as an app to Splunkbase 🙂

0 Karma
Reply

siegema1
New Member
‎03-27-2014 06:20 AM

Thanks a lot for your help.
I'm not yet that familar with Splunk but will try that.
To create a App for that I think I'm many miles away from it 🙂

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...

Customer success is front and center at .conf25

Hi Splunkers, If you are not able to be at .conf25 in person, you can still learn about all the latest news ...

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...