How do I pass my search output results to a custom alert action script (test.py) which has some static parameters? For example, I have a statistics table which has two columns, Hosts and Count. I want to pass the results of these two columns to a static parameter, say Description.
I've come across SPLUNK_ARG_8 (sys.argv[8]) and tried this, but I am getting an error: "Alert script returned error code 1., search='sendalert test_dropdown results_file="/opt/splunk/var/run/splunk/dispatch/scheduler_adminsearch_RMD51340b9f59d2d65d1_at_1564127640_31/results.csv.gz".
How do I use it in my script? Or is there any other way? Any suggestions? Below is part of my script:
import csv
import gzip
import json
import sys

import requests


def openany(p):
    # Open the results file as text, whether or not it is gzip-compressed
    if p.endswith(".gz"):
        return gzip.open(p, "rt")
    else:
        return open(p)


# Path to the results file, taken from the eighth script argument (SPLUNK_ARG_8)
results_file = sys.argv[8]
for row in csv.DictReader(openany(results_file)):
    description = "Alert Triggered for " + row["component"] + " value is " + row["count"]
    # TODO: Implement your alert action logic here
    url = "https://ensrqbrq8xubd.x.pipedream.net"
    # Serialize with json.dumps so the description is escaped correctly
    payload = json.dumps({"Description": description}).encode("utf8")
    headers = {
        'content-type': "application/json"
    }
    response = requests.request("POST", url, data=payload, headers=headers)
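An added example, not part of the original post: a custom alert action run through `sendalert` is started with `--execute` as its first argument and receives its payload on stdin, and that payload's `results_file` key holds the path to results.csv.gz. It assumes `payload_format = json` is set for the action in alert_actions.conf; the function names, the Hosts/Count defaults and the sample rows are constructed for illustration.

```python
import csv
import gzip
import json
import os
import sys
import tempfile


def open_results(path):
    """Open the results file as text, whether or not it is gzip-compressed."""
    if path.endswith(".gz"):
        return gzip.open(path, "rt", encoding="utf-8", newline="")
    return open(path, "r", encoding="utf-8", newline="")


def build_body(alert_payload, host_field="Hosts", count_field="Count"):
    """Return the JSON body with every result row folded into Description."""
    parts = []
    with open_results(alert_payload["results_file"]) as fh:
        for row in csv.DictReader(fh):
            # Fail loudly if the search did not produce the expected columns.
            if host_field not in row or count_field not in row:
                raise KeyError("results need %s and %s columns" % (host_field, count_field))
            parts.append("%s (%s)" % (row[host_field], row[count_field]))
    description = "Alert triggered for " + ", ".join(parts)
    # json.dumps escapes quotes and backslashes that appear in field values.
    return json.dumps({"Description": description})


def demo():
    """Run build_body on a constructed results.csv.gz (sample data, not real)."""
    path = os.path.join(tempfile.mkdtemp(), "results.csv.gz")
    with gzip.open(path, "wt", encoding="utf-8", newline="") as fh:
        fh.write('Hosts,Count\nweb01,12\n"db""02",3\n')
    return build_body({"results_file": path})


if __name__ == "__main__":
    if sys.argv[1:2] == ["--execute"]:
        # Splunk invocation: the alert payload arrives as JSON on stdin.
        print(build_body(json.loads(sys.stdin.read())))
    else:
        print(demo())
```

The string returned by `build_body` can be passed as the `data` argument of the POST request the script already makes.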