I am pretty new to Splunk and trying to figure out how alert notification and adding a script to it works. My alert will basically return a line from a log stream every time it matches my search criteria, which will be something like this: "process completed for config some_name having RUN_ID 1129" (it could be multiple lines). My goal is to get the "config_name" part from here and send it as a column name into a SQL query that I put in either a bash or Python script: select "config_name" from table;

How are the alert result and the script connected? Can someone provide an example? I saw a few posts (https://community.splunk.com/t5/Alerting/how-to-pass-custom-strings-from-a-Splunk-Alert-into-a-python/m-p/322664) but am not quite getting it.... Any help would be appreciated!
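The way the alert result reaches the script, shown as an added example (not code from the thread or from Splunk): a legacy scripted alert receives the path of a gzipped CSV results file as its 8th argument, while a custom alert action is run with `--execute` and receives a JSON payload on stdin whose `results_file` key holds that path. The script below reads that file, pulls the config name out of `_raw` with a regex matching the line shape quoted above, and only then uses it as a SQL identifier, checked against an allowlist, because a value lifted from a log line cannot be bound as a query parameter when it names a column. The table name, allowlist, database path and the `\w+` token shape are assumptions.

```python
import csv
import gzip
import json
import re
import sqlite3
import sys

# Matches the log line quoted in the question; the config name is assumed
# to be one token of letters, digits and underscores.
LINE_RE = re.compile(r"process completed for config (\w+) having RUN_ID (\d+)")

# Column names the script may query (assumed). Identifiers cannot be bound as
# SQL parameters, so an allowlist is the only safe way to use a logged value.
ALLOWED_COLUMNS = frozenset({"some_name", "other_name"})


def results_path_from_splunk(argv, stdin):
    """Locate the results file for either alert-script style."""
    if "--execute" in argv:                      # custom alert action
        return json.load(stdin)["results_file"]
    return argv[8]                               # legacy scripted alert: $8


def read_results(path):
    """Splunk writes the matching events as a gzipped CSV with a _raw column."""
    with gzip.open(path, "rt", newline="") as fh:
        return list(csv.DictReader(fh))


def extract_config_names(rows):
    """Return the config name from every row whose _raw matches LINE_RE."""
    found = (LINE_RE.search(row.get("_raw", "")) for row in rows)
    return [m.group(1) for m in found if m]


def build_query(column):
    """Build SELECT "<column>" FROM results_table, refusing unknown names."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"column not allowed: {column!r}")
    return f'SELECT "{column}" FROM results_table'   # quoted identifier


def demo_connection():
    """In-memory stand-in for the real database (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE results_table (some_name TEXT, other_name TEXT)")
    conn.execute("INSERT INTO results_table VALUES ('ok', 'n/a')")
    return conn


def run_query(conn, column):
    return [r[0] for r in conn.execute(build_query(column)).fetchall()]


if __name__ == "__main__":
    path = results_path_from_splunk(sys.argv, sys.stdin)
    conn = demo_connection()   # replace with the real DB connection
    for name in extract_config_names(read_results(path)):
        print(name, run_query(conn, name))
```

Put the script under `$SPLUNK_HOME/bin/scripts` (legacy) or inside an app's custom alert action so Splunk can find it; the allowlist is what keeps a crafted log line from turning into `SELECT "x" FROM t; DROP ...`.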