Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Custom alert action

majemi1
New Member
‎09-04-2024 07:32 AM

i write a custom alert with bash script who send values of spl query to the hive, the script create a case on the hive but with empty fields.
alert_actions.conf:
[alert_to_thehive]
is_custom = 1
disabled = 0
label = Alert to TheHive
description = Custom alert action to send alerts to TheHive
icon_path = alert_icon.png
payload_format = json
ttl = 10
# Command to execute
alert.execute.cmd = alert_to_thehive.sh
# Arguments passed to the script
alert.execute.cmd.arg.1 = $result.Image$
alert.execute.cmd.arg.2 = $result.CommandLine$

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...