Splunk Enterprise Security

Is it possible to pass values from a notable event to a shell script?

gary_richardson
Path Finder

Hello

In Enterprise Security, there is the option to run a script as a follow on action to a notable event. Is it possible to pass field values from the notable event to the selected script?

Cheers.

0 Karma
1 Solution

muebel
SplunkTrust
SplunkTrust

Hi gary.richardson2, you can get access to the search results as described here : http://docs.splunk.com/Documentation/Splunk/6.4.1/Alert/Configuringscriptedalerts

Essentially, "SPLUNK_ARG_8" contains the filename of the search results, which you could manipulate to extract the fields you are interested in.

Please let me know if this helps!

View solution in original post

muebel
SplunkTrust
SplunkTrust

Hi gary.richardson2, you can get access to the search results as described here : http://docs.splunk.com/Documentation/Splunk/6.4.1/Alert/Configuringscriptedalerts

Essentially, "SPLUNK_ARG_8" contains the filename of the search results, which you could manipulate to extract the fields you are interested in.

Please let me know if this helps!

gary_richardson
Path Finder

Thanks! 🙂

muebel
SplunkTrust
SplunkTrust

gladly! 😄

0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...