Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Custom Alert reaction with Python

flk2309
New Member
‎02-18-2020 11:35 PM

Hello,

I want to trigger a a Python script as reaction to an alert. I have added the stanza to alert_actions.conf and restarted Splunk:

[myscript]
is_custom = 1
disabled = 0
label = myscript
description = myscript
track_alert = 1
ttl = 600
maxtime = 5m
icon_path = alert_manager_icon.png
payload_format = xml
filename = myscript.py
alert.execute.cmd = /opt/splunk/etc/apps/bla/bin/myscript.py

In the spunkd log I find the following entry:

02-19-2020 13:25:39.278 +0100 ERROR ModularUtility - Specified filename "..." not found in search path.
...

But the script is definitely there. Kindly help me to find out what I´m missing.

Best Regards Falko

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎02-19-2020 07:48 AM

Just try with below configurations in alert_actions.conf.

[myscript]
is_custom = 1
disabled = 0
label = myscript
description = myscript
track_alert = 1
ttl = 600
maxtime = 5m
icon_path = alert_manager_icon.png
payload_format = xml

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎02-19-2020 07:48 AM

Just try with below configurations in alert_actions.conf.

[myscript]
is_custom = 1
disabled = 0
label = myscript
description = myscript
track_alert = 1
ttl = 600
maxtime = 5m
icon_path = alert_manager_icon.png
payload_format = xml
0 Karma
Reply
Solved! Jump to solution

flk2309
New Member
‎02-20-2020 04:57 AM

Hello,

thank you. This works fine.

Another question I have now is, how can I trigger this alert manually to develop the script? When I run it in the search, the script is not triggered. Is there any way?

Thanks and best regards

Falko

0 Karma
Reply
Solved! Jump to solution

manjunathmeti
Champion
‎02-20-2020 05:12 AM

Is you script reading any inputs?

If not you can use sendalert command to trigger this alert action.

 <your_search> | sendalert myscript
0 Karma
Reply
Solved! Jump to solution

flk2309
New Member
‎02-20-2020 06:09 AM

Works fine. Thank you!

0 Karma
Reply
Solved! Jump to solution

manjunathmeti
Champion
‎02-20-2020 06:26 AM

You are welcome. Please accept the answer.

0 Karma
Reply
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...