Hello
In Enterprise Security, there is the option to run a script as a follow-on action to a notable event. Is it possible to pass field values from the notable event to the selected script?
Cheers.
Hi gary.richardson2, you can get access to the search results as described here: http://docs.splunk.com/Documentation/Splunk/6.4.1/Alert/Configuringscriptedalerts
Essentially, "SPLUNK_ARG_8" contains the filename of the search results, which you could manipulate to extract the fields you are interested in.
Please let me know if this helps!
Thanks! 🙂
gladly! 😄
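
A sketch of the approach from the answer above, added here as an example and not code from the thread or from Splunk: a scripted-alert handler that opens the file named by SPLUNK_ARG_8 and keeps only chosen fields. The field names in `WANTED_FIELDS` and the assumption that the file is CSV (gzip-compressed or plain) are assumptions to adjust for your search.

```python
#!/usr/bin/env python3
"""Scripted-alert handler: pull selected fields from the results file named by SPLUNK_ARG_8."""
import csv
import gzip
import os
import sys

# Assumption: fields wanted from the notable event; adjust to your correlation search.
WANTED_FIELDS = ("rule_name", "src", "dest", "user")


def open_results(path):
    """Open the results file as text, whether or not it is gzip-compressed."""
    with open(path, "rb") as fh:
        magic = fh.read(2)
    if magic == b"\x1f\x8b":  # gzip magic bytes
        return gzip.open(path, "rt", encoding="utf-8", newline="")
    return open(path, "rt", encoding="utf-8", newline="")


def read_fields(path, wanted=WANTED_FIELDS):
    """Return one dict per result row containing only the wanted fields.

    Missing columns yield an empty string, so callers never hit a KeyError
    when a notable event lacks a field.
    """
    rows = []
    with open_results(path) as fh:
        for row in csv.DictReader(fh):
            rows.append({name: (row.get(name) or "") for name in wanted})
    return rows


def main():
    # The path arrives in the SPLUNK_ARG_8 environment variable; fall back to argv[8].
    path = os.environ.get("SPLUNK_ARG_8") or (sys.argv[8] if len(sys.argv) > 8 else None)
    if not path or not os.path.isfile(path):
        sys.exit("results file not provided or not found")
    for event in read_fields(path):
        # Values originate from logged data: pass them to downstream tools as
        # data (arguments, JSON), never by building a shell command string.
        print(event)


if __name__ == "__main__":
    main()
```
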