Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Enterprise Security
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Premium Solutions
- :
- Splunk Enterprise Security
- :
- Multi-Select in HTML for Alert Action does not ret...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Multi-Select in HTML for Alert Action does not return anything and does not show up in payload passed to python script
jfournet
New Member
09-23-2024
05:05 PM
I am using the following html for my alert action data entry screen. The tenant mulit-select does not show up in the configuration dictionary of the payload object passed to the python script. What am I doing wrong?
Payload passed to python script:
Payload: {'app': 'search', 'owner': 'jon_fournet@bmc.com', 'result_id': '1', 'results_file': '/opt/splunk/var/run/splunk/dispatch/rt_scheduler_am9uX2ZvdXJuZXRAYm1jLmNvbQ__search__sentToBHOM12_at_1727135173_17.19/per_result_alert/tmp_1.csv.gz', 'results_link': 'http://clm-aus-wm6fwd:8000/app/search/search?q=%7Cloadjob%20rt_scheduler_am9uX2ZvdXJuZXRAYm1jLmNvbQ__search__sentToBHOM12_at_1727135173_17.19%20%7C%20head%202%20%7C%20tail%201&earliest=0&latest=now', 'search_uri': '/servicesNS/jon_fournet%40bmc.com/search/saved/searches/sentToBHOM12', 'server_host': 'clm-aus-wm6fwd', 'server_uri': 'https://127.0.0.1:8089', 'session_key': 'juYpGOJO29CVEJXEhNFtlVZu0NdAUtGRObXSddXgB^nwDFZHofpZ58tDr^dfFRHcAeBKb3sKvtUNY48u7z2go^bDjUIR1K59YJhT3mkpPKXm3Vom_mXwSCA5rF2AQsgeoEuM332jKYMhEiZRakt1Qs69if_wD_QAPo', 'sid': 'rt_scheduler_am9uX2ZvdXJuZXRAYm1jLmNvbQ__search__sentToBHOM12_at_1727135173_17.19', 'search_name': 'sentToBHOM12', 'configuration': {'additional_info': 'This is an additional slot', 'category': 'AVAILABILITY_MANAGEMENT', 'ciid': 'test ciid', 'citype': 'testcitype', 'hostname': 'splunktesthost', 'logLevel': 'WARN', 'message': ' kkkk', 'object': 'testobject', 'originuri': 'testuri', 'severity': 'WARNING', 'subcategory': 'APPLICATION'}
HTML:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Information</title>
<style>
body {
background-color: lightblue;
font-family: Arial, sans-serif;
}
.container {
width: 80%;
margin: 20px auto;
}
.section {
background-color: white;
padding: 15px;
margin-bottom: 20px;
border: 2px solid black;
border-radius: 5px;
}
.section h2 {
margin-top: 0;
}
</style>
</head>
<body>
<form class="form-horizontal form-complex">
<h1>BHOM Tenant Configuration</h1>
<div class="control-group">
<label class="control-label" for="bmc_tenants">Tenants</label>
<div class="controls">
<select id="bmc_tenants" name="action.sendToBHOM.param.tenants" multiple size="3">
<option value="prod">Production</option>
<option value="qa">QA</option>
<option value="dev">Development</option>
</select>
<span class="help-block">The BHOM Tenants to forward alerts</span>
</div>
</div>
<h1>BHOM Event Configuration</h1>
<div class="control-group"><label class="control-label" for="bmc_severity">Severity</label>
<div class="controls"><select id="bmc_severity" name="action.sendToBHOM.param.severity">
<option value="OK">Ok</option>
<option value="WARNING">Warning</option>
<option value="MINOR">Minor</option>
<option value="MAJOR">Major</option>
<option value="CRITICAL">Critical</option>
</select><span class="help-block">The severity of the alert</span></div>
</div>
<div class="control-group"><label class="control-label" for="bmc_hostname">Source Hostname</label>
<div class="controls"><input id="bmc_hostname" name="action.sendToBHOM.param.hostname" type="text" placeholder="e.g. splunk.bmc.com " /> <span class="help-block">The Hostname of the source of the alert</span></div>
</div>
<div class="control-group"><label class="control-label" for="bmc_object">Object</label>
<div class="controls"><input id="bmc_object" name="action.sendToBHOM.param.object" type="text" placeholder="e.g. Splunk_log_1 " /> <span class="help-block">The Object related to the alert</span></div>
</div>
<div class="control-group">
<div class="control-group"><label class="control-label" for="bmc_category">Category</label>
<div class="controls"><input id="bmc_category" name="action.sendToBHOM.param.category" type="text" placeholder="e.g. splunk.bmc.com " /> <span class="help-block">The Category related to the alert</span></div>
</div>
<div class="control-group"><label class="control-label" for="bmc_subcategory">Sub-Category</label>
<div class="controls"><input id="bmc_subcategory" name="action.sendToBHOM.param.subcategory" type="text" placeholder="e.g. splunk.bmc.com " /> <span class="help-block">The Sub-Category related to the alert</span></div>
</div>
<div class="control-group"><label class="control-label" for="bmc_originuri">Origin URI</label>
<div class="controls"><input id="bmc_originuri" name="action.sendToBHOM.param.originuri" type="text" placeholder="e.g. splunk.bmc.com " /> <span class="help-block">The Origin URI related to the alert</span></div>
</div>
<div class="control-group"><label class="control-label" for="bmc_ciid">CI ID</label>
<div class="controls"><input id="bmc_ciid" name="action.sendToBHOM.param.ciid" type="text" placeholder="e.g. splunk.bmc.com " /> <span class="help-block">The CI ID related to the alert</span></div>
</div>
<div class="control-group"><label class="control-label" for="bmc_citype">CI Type</label>
<div class="controls"><input id="bmc_citype" name="action.sendToBHOM.param.citype" type="text" placeholder="e.g. splunk.bmc.com " /> <span class="help-block">The CI Type related to the alert</span></div>
</div>
<div class="control-group"><label class="control-label" for="bmc_event_message">Message</label>
<div class="controls"><textarea id="bmc_event_message" style="height: 120px;" name="action.sendToBHOM.param.message"> </textarea><span class="help-block">The message for the event send to BHOM</span</div>
</div>
</div>
<div class="control-group"><label class="control-label" for="bmc_additional_info">Additional Info</label>
<div class="controls"><input id="bmc_additional_info" name="action.sendToBHOM.param.additional_info" type="text" placeholder="e.g. splunk.bmc.com " /> <span class="help-block">The Additional Information related to the alert</span></div>
</div>
</div>
<h1>Log Level (logs written to index _internal)</h1>
<label for="logLevel">Choose a log level:</label>
<select id="logLevel" name="action.sendToBHOM.param.logLevel">
<option value="INFO">INFO</option>
<option value="WARN">WARNING</option>
<option value="ERROR" selected>ERROR</option>
<option value="DEBUG">DEBUG</option>
</select>
</body>
</html>
Get Updates on the Splunk Community!
Building Reliable Asset and Identity Frameworks in Splunk ES
Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...
Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting
For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...
Automatic Discovery Part 3: Practical Use Cases
If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...
