Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Difference between script alert action and custom alert action

rhobby
New Member
‎11-21-2016 04:12 AM

What is exactly the difference between a script alert action and a custom alert action?

On http://docs.splunk.com/Documentation/Splunk/6.5.0/Alert/ConfiguringScriptedAlerts I can read that script alert action are deprecated.

If I have a script alert action. What ist the way to create a custom alert action?

Best wishes,

Robert

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rpille_splunk
Splunk Employee
Splunk Employee
‎11-21-2016 02:47 PM

Scripted alerts, now deprecated, were alerts that triggered scripts to run. Custom alert actions have replaced them and can do the same and more, with a better user experience. If you have a scripted alert that you want to convert, try following these docs to create an alert action using the script you already have. http://docs.splunk.com/Documentation/Splunk/6.5.1/AdvancedDev/ModAlertsIntro

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

rpille_splunk
Splunk Employee
Splunk Employee
‎11-21-2016 02:47 PM

Scripted alerts, now deprecated, were alerts that triggered scripts to run. Custom alert actions have replaced them and can do the same and more, with a better user experience. If you have a scripted alert that you want to convert, try following these docs to create an alert action using the script you already have. http://docs.splunk.com/Documentation/Splunk/6.5.1/AdvancedDev/ModAlertsIntro

0 Karma
Reply
Solved! Jump to solution

rhobby
New Member
‎01-19-2017 02:12 AM

Thank you for your answer.

I tried to follow these steps. I have a script that tries to fetch the environment variables SPLUNK_ARG_X.

In the custom alert action they seem to be nonexistent. Unfortunately in the link, provided by you, is no mention of these variables.

Is it still possible to use these variables?

0 Karma
Reply
Solved! Jump to solution

oddsve
New Member
‎01-08-2018 01:52 AM

It is documented in the following page here: http://docs.splunk.com/Documentation/Splunk/6.6.3/AdvancedDev/CustomAlertConvertScripted

"For custom alert actions, use configuration file parameters to access and pass values to the configuration payload that the alert action receives."
Meaning you can't use SPLUNK_ARG_X arguments, these need to be called upon from a configuration file.

0 Karma
Reply
Solved! Jump to solution

jef152
Explorer
‎11-13-2017 11:33 AM

I'm also looking for how to get the environment variables into my alert action script. Has anyone had success with this?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...