Splunk Search

How to get argument to run a script in perl


I did a alert to run a script and it runs with fixed variable. But now i want to pass variable (argument 😎 but I don't know how to do and the correct syntax to call argument 8 into my script

Tags (1)
0 Karma

Splunk Employee
Splunk Employee

Argument #8 provides the location of a file with the results of the search. The file keeps the search results is in gzip compressed format. At this point you have two choices: 1) you can read the contents of that file or 2) pass the entire file to your script.

Let us assume that you are working in a UNIX/Linux environment and that you want to pass the contents of the results file to a third-party program. At this point you will use the shell wrapper to pass the results variable and let the third-party program deal with the data set.

#! /bin/sh

results=$(zcat $8)
$perlExec $perlScript "$results"

On the other hand, you may be working in MS Windows and you may want to pass the entire file to another program. The alert function allows you to use a BATCH program as a wrapper and then you would pass the right content to a third-party program. If that were the case, you might use something like this:

@echo off

set SPLUNK_HOME=C:\Progra~1\Splunk
set SCRIPT="%SPLUNK_HOME%\bin\scripts\tivoliparser.ps1"
set POWERSHELL="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"


Of course there are many other variations of these types of use so judge these examples as basic illustrations.

0 Karma
Get Updates on the Splunk Community!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...