I have an alert set up that finds an error which indicates that a service must be restarted. When the alert triggers, I would like for a script to run that restarts the service on the specific host that service failed on. I saw in the link below that you can pass custom arguments such as a fieldvalue. Is it possible to pass these arguments to a script? I'm interested in grabbing the hostname of the system so I can reference it in my script. This is a Windows environment so I would most likely be using a .bat file to restart the service.
Since Cuyose’s script was executing on a full Splunk server (not a UF/LWF), Cuyose had Python at his disposal and didn’t use a .bat file. Instead he used Python and the documentation found here to create a custom alert action.
To do this with a batch script, you have to use the results gzip tar file and your own code to pull fields out.
The tar.gz is explained here: https://docs.splunk.com/Documentation/Splunk/7.1.2/Alert/Configuringscriptedalerts
You’re wasting your time doing this in batch scripts if you ask me... you should be doing a python mod alert or SPL command.
Thanks for responding. However, the problem is not resolved yet.
In the alert_actions.conf ($Splunk_Home$\etc\system\local) file I am adding the below:
param.name = $result.HostName$
but it's showing invalid stanza, and I am calling the same in the script as shown below
but still the stanza problem is not done.
Am I doing something wrong?
If you want help I suggest you post your own question and show the code you’re using too. We can’t troubleshoot two issues on one thread as these may be very different custom code problems.
I figured this out. In order for these variables to be used from the result set, I had to declare these variables in alert_actions.conf, then restart. I then could add the information by calling the variable value with setting.get from the action script.
param.results_team = $result.team$
team = settings.get('results_team')
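The approach from the post above, as an added example that is not code from the thread or from Splunk: a custom alert action script that reads the declared parameter from the JSON payload and validates it before using it as a restart target. The parameter name `results_host`, the service name `ExampleService`, and a stanza with `payload_format = json` are assumptions.

```python
import json
import re
import subprocess
import sys

# Assumptions (not from the thread): the action's stanza in alert_actions.conf
# sets payload_format = json and param.results_host = $result.host$, and the
# service to restart is the hypothetical "ExampleService".
SERVICE = "ExampleService"
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(r"%s(?:\.%s)*" % (LABEL, LABEL))


def host_from_payload(payload):
    """Return the host passed through param.results_host, or None if unsafe."""
    settings = payload.get("configuration") or {}
    host = str(settings.get("results_host") or "").strip()
    # The value originates in indexed event data, so accept only a plain DNS
    # name. An unexpanded "$result.host$" token is rejected here as well.
    if len(host) > 253 or not HOST_RE.fullmatch(host):
        return None
    return host


def restart_commands(host, service=SERVICE):
    """Build sc.exe argument lists; no shell ever parses the host value."""
    target = "\\\\" + host
    return [["sc.exe", target, "stop", service],
            ["sc.exe", target, "start", service]]


def main():
    # Splunk runs a custom alert action as: <script> --execute, JSON on stdin.
    if len(sys.argv) < 2 or sys.argv[1] != "--execute":
        sys.exit("expected --execute")
    host = host_from_payload(json.loads(sys.stdin.read()))
    if host is None:
        sys.exit("refusing to act: results_host missing or not a valid name")
    stop, start = restart_commands(host)
    subprocess.run(stop)               # may fail if the service is already down
    subprocess.run(start, check=True)  # non-zero exit surfaces as an error


if __name__ == "__main__":
    main()
```

`sc.exe stop` returns before the service has fully stopped, so a production version would poll `sc.exe query` before issuing the start.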
I am trying something similar to this and am having trouble getting the variable to pass across. Do you mind sharing some more of the code in action.py so we can see how this is done?
I attempted to add $result.host$ to the .bat and just have the script print it to a file. The script ran but it only printed "$result.host$" to the text document. I also tried the same but with % instead of $ but that time it only printed Echo is on. Am I missing something? The script is placed in %SPLUNK_HOME%\bin\scripts.