Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

send Splunk Events to another Software/msend/BMC Event Manager

siegema1
New Member
‎03-27-2014 05:41 AM

Dear all,
I'm wondering if someone of you did already send Splunk Events via msend to BMC Event Manager and how you can do it?
If not, can you tell me if there is a easy way to take somehow the different fields of a Splunk event and handle it with a script outside where you can send the different variables/values?
We have the tool msend where you can send events with for example

msend -q -n emh1 -r [SEVERITY] -a YOURCLASS -b "mc_host=[SPLUNKEVENTPART1];mc_host_address=[SPLUNKEVENTPART2];mc_host_class=[SPLUNKEVENTPART3];mc_object_class=[SPLUNKEVENTPART4];mc_object=[SPLUNKEVENTPART5];msg=[SPLUNKEVENTPART5]"

Those fields/value SPLUNKEVENTPARTx I should become out from Splunk.
Appreciate your help.

Cheers
Markus

Tags (3)
0 Karma
Reply

siegema1
New Member
‎03-27-2014 06:19 AM

Thanks a lot for your help.
I'm not yet that familar with splunk but will try that.
To create a App for that I think I'm many miles away from it 🙂

0 Karma
Reply

reed_kelly
Contributor
‎03-27-2014 06:08 AM

Create an alert script in $SPLUNK_HOME/bin/scripts/call_bmc.py or any other scripting language that you are familiar with. When you alert on a rule, have it execute the script (just call_bmc.py or whatever you call it). The 8th parameter passed to the script will be a file containing the results of the search. You can open and read this file from the script.

See: Configuring Alerts for information about how the script is initiated.

I would create search macros that add columns or rows to your search that could give instructions to the script. You may also want to make the script intelligent with a config file and some kind of alerting language (extra credit). If it's good, post it as an app to Splunkbase 🙂

0 Karma
Reply

siegema1
New Member
‎03-27-2014 06:20 AM

Thanks a lot for your help.
I'm not yet that familar with Splunk but will try that.
To create a App for that I think I'm many miles away from it 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...