I am using RedHat Linux on our Splunk installation.
On our search head, we use alerts a lot, and I am wondering if anyone out here has
an example of how to get the search result into the syslog of the RedHat server.
The reason for this is because we are using a ticket system which can monitor the syslog.
I now use this search:
searchstring | outputcsv result.csv
And I am trying to make a script that will send the data inside the file into syslog, like this:
logger -p user.notice -t Name_of_alert -f /opt/splunk/var/run/splunk/resultdata.csv
This will pass the result into syslog, but the alert does not use this when it is scripted.
If I do it manually, then it works.
Using a script for this does not give me the result in cleartext, only metadata about it:
0  SPLUNK_ARG_0  Script name
1  SPLUNK_ARG_1  Number of events returned
2  SPLUNK_ARG_2  Search terms
3  SPLUNK_ARG_3  Fully qualified query string
4  SPLUNK_ARG_4  Name of report
5  SPLUNK_ARG_5  Trigger reason (for example, "The number of events was greater than 1.")
6  SPLUNK_ARG_6  Browser URL to view the report
7  SPLUNK_ARG_7  Not used for historical reasons
8  SPLUNK_ARG_8  File in which the results for the search are stored
Thanks in advance to Splunk and for all answers.
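The argument table above is the key: the script is not meant to read the CSV written by outputcsv, it is meant to open the file named in SPLUNK_ARG_8 (sys.argv[8] for a Python alert script), which Splunk writes as a gzip-compressed CSV. The following is an added example, not code from the original post or from Splunk: an alert script that parses that file and writes one syslog line per result row through the local syslog socket. The alert name ("Name_of_alert" in the question) is taken from SPLUNK_ARG_4. The facility (local0), the "splunk_alert" tag, the key=value line format and the sample result set at the bottom are all assumptions made for this example; the sample is constructed, not real Splunk output. It also does something the logger -f approach above cannot: it strips carriage returns, line feeds and other control characters from each field, so an attacker whose activity shows up in an indexed event cannot forge extra lines in the ticket system's syslog feed.

```python
#!/opt/splunk/bin/python
"""Splunk alert script: push each result row of a triggered alert to local syslog.

Added example, not from the original post. Splunk hands the alert's saved
results file to the script as argument 8 (SPLUNK_ARG_8); that file is a
gzip-compressed CSV. Facility, tag and line format below are assumptions.
"""
import csv
import gzip
import io
import re
import sys
import syslog

# Anything outside printable ASCII (plus tab) is dropped so that CR/LF or
# terminal escapes embedded in a logged event cannot become a fake syslog line.
_CONTROL_CHARS = re.compile(r"[^\x20-\x7e\t]")
MAX_MSG_LEN = 1024  # stay under the traditional 1024-byte syslog line limit


def rows_from_bytes(data):
    """Parse a Splunk results file (gzip or plain CSV) into a list of dicts."""
    if data[:2] == b"\x1f\x8b":  # gzip magic number: results.csv.gz
        data = gzip.decompress(data)
    text = data.decode("utf-8", errors="replace")
    # newline="" lets the csv module handle quoted fields that span lines.
    return list(csv.DictReader(io.StringIO(text, newline="")))


def load_results(path):
    """Read the file named in SPLUNK_ARG_8."""
    with open(path, "rb") as fh:
        return rows_from_bytes(fh.read())


def sanitize(value):
    """Strip control characters and escape double quotes for key="value" output."""
    return _CONTROL_CHARS.sub("", str(value)).replace('"', '\\"')


def format_message(row, alert_name):
    """Render one result row as a single key="value" line tagged with the alert name."""
    fields = " ".join(
        '%s="%s"' % (sanitize(k), sanitize(v)) for k, v in row.items() if k
    )
    msg = 'alert="%s" %s' % (sanitize(alert_name), fields)
    return msg[:MAX_MSG_LEN]


def send_to_syslog(messages, ident="splunk_alert",
                   facility=syslog.LOG_LOCAL0, priority=syslog.LOG_NOTICE):
    """Write each message to the local syslog socket (assumed facility local0)."""
    syslog.openlog(ident, syslog.LOG_PID, facility)
    try:
        for m in messages:
            syslog.syslog(priority, m)
    finally:
        syslog.closelog()


def main(argv):
    # argv layout follows the SPLUNK_ARG_* table: argv[4] is the report name,
    # argv[8] the results file.
    if len(argv) < 9:
        sys.stderr.write("usage: run as a Splunk alert script (expects 8 arguments)\n")
        return 2
    alert_name, results_path = argv[4], argv[8]
    rows = load_results(results_path)
    send_to_syslog(format_message(r, alert_name) for r in rows)
    return 0


# Constructed sample (not real Splunk output): a two-row result set as Splunk
# would store it, gzip-compressed, with one field containing an injected newline.
SAMPLE_RESULTS_GZ = gzip.compress(
    b"_time,host,user,message\r\n"
    b"2024-01-01T10:00:00,web01,alice,login failed\r\n"
    b"2024-01-01T10:00:05,web02,bob,\"evil\nfake line\"\r\n"
)

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Install it under $SPLUNK_HOME/bin/scripts, make it executable, and select it as the alert's script action; Splunk then invokes it with the eight arguments listed above, and the ticket system sees lines like alert="Name_of_alert" _time="..." host="..." in the local0 feed.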