
Access arguments to python script

trungnt
New Member

Hi all,

I wrote a small Python script to run as a scripted alert action. I access the arguments by following this guide:
http://docs.splunk.com/Documentation/Splunk/6.2.2/Alert/Configuringscriptedalerts#Access_arguments_t...

My python script is:

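#!/usr/bin/python
# Scripted alert action: Splunk passes SPLUNK_ARG_0..SPLUNK_ARG_8 as positional arguments.
import sys
import serial
import time

# Fifth positional argument (SPLUNK_ARG_4)
tn = sys.argv[4]

# print() with a single argument works on both Python 2 and Python 3
print(tn)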

The script is running.

The arguments to scripts are SPLUNK_ARG_0 -> SPLUNK_ARG_8, but I want to access other information,
for example: I want to transfer arguments that are the same as the $result.fieldname$ tokens in email notifications.

Please help me,

Thank you!


somesoni2
Revered Legend

The search results are not directly accessible in the alert script, but the SPLUNK_ARG_8 argument provides the compressed file that contains the search result. Look at this post for a sample wrapper script on how to use the 8th argument to pass search results to your script.

https://answers.splunk.com/answers/149836/how-to-run-an-alert-script-on-field-values-generated-in-sp...


0 Karma
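
The approach from the answer above, as an added example that is not part of the original posts and not Splunk's own code: it opens the file named by SPLUNK_ARG_8 and returns the values of one field. It assumes the file is a gzip-compressed CSV with a header row; the function names, the `MAX_ROWS` cap, the `host` field used in the demo and the sample rows are constructed for illustration.

```python
#!/usr/bin/env python3
"""Read one field from the results file Splunk passes to an alert script."""
import csv
import gzip
import os
import sys
import tempfile

MAX_ROWS = 1000  # assumed cap so a very large result set cannot stall the alert


def result_field_values(results_path, field, max_rows=MAX_ROWS):
    """Return the values of `field` from the gzip-compressed CSV of results.

    Values originate in indexed events, so treat them as untrusted input:
    never interpolate them into a shell command or a file path.
    """
    values = []
    with gzip.open(results_path, "rt", encoding="utf-8", newline="") as fh:
        reader = csv.DictReader(fh)
        if field not in (reader.fieldnames or []):
            raise KeyError("field %r not in results: %s" % (field, reader.fieldnames))
        for i, row in enumerate(reader):
            if i >= max_rows:
                break
            values.append(row[field])
    return values


def write_sample_results(path):
    """Constructed sample standing in for the file named by SPLUNK_ARG_8."""
    with gzip.open(path, "wt", encoding="utf-8", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["_time", "host", "src_ip"])
        writer.writerow(["1430000000", "web01", "192.0.2.10"])
        writer.writerow(["1430000060", "db,03", "198.51.100.7"])


if __name__ == "__main__":
    if len(sys.argv) > 8:  # invoked by Splunk: results file is the 9th argv entry
        path = sys.argv[8]
    else:  # stand-alone demo on the constructed sample
        path = os.path.join(tempfile.mkdtemp(), "results.csv.gz")
        write_sample_results(path)
    for value in result_field_values(path, "host"):
        print(value)
```

If a value has to reach another program, pass it as a separate list element to `subprocess.run` without `shell=True` so it is never parsed by a shell.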

trungnt
New Member

Hi, Somesoni2

Thank you so much for your speedy reply!
It's working.

0 Karma
