Hi All, The Bloodhound TA creates a KV store lookup. I've been asked to take the entries in the KV store and turn them into events. I've set up an alert, but I'm not seeing the alert fire...
...EST", src="192.168.0.1", action="create test event" | sendalert create_alert param.title="Hello $result.user$" param.template=default This successfully creates my event in my index. I have exhausted m...
...he same from Splunk search. Tried using sendalert command as below and got an error: | sendalert servicenow param.severity="4" param.assigned_to="Assignment group" param.short_description="Alert N...
...ount=1 | eval id=$incident_id$| sendalert canary_acknowledge_incident param.incident_id=$incident_id$ param.index_name="main" And this is getting triggered when a Submit Button is being clicked....
...nvalid parameter for adhoc modular action.
Now we use the sendalert command in our alert_actions.conf, so according to the Splunk documentation, it should support adhoc invocation. The command we use in our a...
How to assign multiple risk object fields and object types in Risk analysis response action. I know it's possible from search using appendpipe and sendalert but we want this to be added from the r...
...icense usage.
Pipe to the "sendalert" command with the "logevent" alert action specified, or if it's a saved search or alert, use the Log Event alert action
Effectively, I think they all do the s...