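I am using Splunk 8.2.12 and am trying to generate a PDF via an existing alert action using Splunk API calls. The action was originally developed for automated ticketing within another app when a Splunk alert is triggered. The end goal is to be able to upload the PDF of search results based on the alert to the ticket in an automated way. Below is the current state of the code:

def create_pdf_for_ticket(payload, output_file):
    """Run an export search built from the alert payload and save the response body.

    Relies on ``requests`` and ``post_headers`` from the enclosing module.

    Args:
        payload: Alert-action payload dict; ``sid``, ``result.index`` and
            ``result.sourcetype`` are read from it.
        output_file: Path the raw response body is written to.

    Raises:
        requests.exceptions.RequestException: connection failure or timeout.

    NOTE(review): the request asks for ``output_mode=json``, so the bytes
    written are the JSON export stream, not a rendered PDF, whatever the
    extension of ``output_file`` says.
    """
    def spl_quote(value):
        # Result fields originate from indexed event data, which can be
        # attacker-influenced. Quote and escape each value so it stays a
        # single search term and cannot append its own SPL to the query.
        escaped = str(value).replace('\\', '\\\\').replace('"', '\\"')
        return f'"{escaped}"'

    # Extract relevant information from the payload
    ticket_id = payload.get('sid')
    result = payload.get('result') or {}
    index = result.get('index')
    sourcetype = result.get('sourcetype')

    # Without this guard a missing field would be searched as the literal "None".
    required = (('sid', ticket_id), ('index', index), ('sourcetype', sourcetype))
    missing = [name for name, value in required if not value]
    if missing:
        print(f"Error creating PDF: payload is missing {', '.join(missing)}")
        return

    # Construct the search query based on the extracted information
    # NOTE(review): payload['sid'] is presumably the id of the search job that
    # fired the alert; used here it only filters events on a field named
    # `sid`. Confirm the events carry that field, or fetch that job's results.
    search_query = (
        f'search index={spl_quote(index)} '
        f'sourcetype={spl_quote(sourcetype)} sid={spl_quote(ticket_id)}'
    )

    # Make the API request to execute the search and get the results
    search_payload = {
        'search': search_query,
        'output_mode': 'json',
    }
    # NOTE(review): plain http sends whatever credential post_headers carries
    # unencrypted, and splunkd normally serves its management port over TLS;
    # confirm the scheme and keep certificate verification on.
    # The timeout (connect, read) keeps a stalled splunkd from hanging the
    # alert action forever; tune the values to the expected search duration.
    search_response = requests.get(
        'http://localhost:8089/services/search/jobs/export',
        params=search_payload,
        headers=post_headers,
        timeout=(10, 300),
    )

    # Check if the search request was successful
    if search_response.status_code == 200:
        # Save the search results to a file
        with open(output_file, 'wb') as pdf_file:
            pdf_file.write(search_response.content)
        print(f"PDF created successfully at: {output_file}")
    else:
        print(f"Error creating PDF: {search_response.status_code} - {search_response.text}")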
def main():
# NOTE(review): the ***** lines look like code the poster left out of the
# listing; `payload` is presumably assigned there - confirm.
*****
# Create PDF for the ticket
# os.environ[...] raises KeyError when SPLUNK_HOME is not set for the action.
# NOTE(review): the path is identical for every invocation, so two alerts
# firing close together overwrite each other's file and a ticket could be
# given another alert's results. A per-sid file name outside the app's
# local/ configuration directory avoids that.
output_file = os.environ['SPLUNK_HOME'] + '/etc/apps/Splunk_Ivanti/local/ticket.pdf'
create_pdf_for_ticket(payload, output_file)
*****