Alerting

Will the "Run a script" trigger action for alerts disappear now that it is deprecated?

andrewtrobec
Builder

Hello,

I am using Splunk 6.5.1 and I am working with alert trigger actions that run scripts. The documentation here states that this functionality has been officially deprecated. Does this mean that I should stop using it because it will disappear from the platform altogether?

Regards,

Andrew

Labels (1)
Tags (1)
0 Karma
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

Splunk defines deprecation here: https://docs.splunk.com/Documentation/Splunk/6.5.2/ReleaseNotes/Deprecatedfeatures

What does "deprecated" mean?

Deprecated features and platforms continue to work and Splunk supports them until support is removed. However, customers should begin to plan now for the future removal of support.

You're unlikely to get an official forward-looking statement as to when or even if a deprecated feature will be removed.
Personally, I doubt the run a script alert action is going to be removed any time soon because many legacy apps still use it. I'd recommend any newly built feature should use the custom alert action framework, and any existing feature should be migrated when there's a good opportunity for it.

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust

Splunk defines deprecation here: https://docs.splunk.com/Documentation/Splunk/6.5.2/ReleaseNotes/Deprecatedfeatures

What does "deprecated" mean?

Deprecated features and platforms continue to work and Splunk supports them until support is removed. However, customers should begin to plan now for the future removal of support.

You're unlikely to get an official forward-looking statement as to when or even if a deprecated feature will be removed.
Personally, I doubt the run a script alert action is going to be removed any time soon because many legacy apps still use it. I'd recommend any newly built feature should use the custom alert action framework, and any existing feature should be migrated when there's a good opportunity for it.

martin_mueller
SplunkTrust
SplunkTrust
0 Karma

thaghost99
Path Finder

Thanks Martin,

i was going over the youtube video, and its not dumb down enough or easy to follow.

we create an app, but how can i enable my search string to be able to be available now in this new APP on the alert, and the structure. it seems to have made it a bit more complicated to use that the way it was working before. and is it limited to python only? cant use bash anymore?

is there any way i can still use the old way, that seems to much easier than this new way. it seems like overkill to a simple script call i want to do.

 

appreciate the quick response and assistance so far.  😃

0 Karma

rajagurup
New Member

Hi Martin,

Could you please create an app and share the configuration which has the same option like Run the script(We can input the script name to be invoked as an alert action) so that we wont get the warnings as deprecated.

0 Karma

andrewtrobec
Builder

Thanks Martin, perfect response.

Side question: do you know of any step-by-step tutorials on how to configure the new custom alert actions in the same way the "Run a script" feature works?

Regards,

Andrew

0 Karma
Get Updates on the Splunk Community!

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...