Is there any way to run external script with source IP (source IP of device which sent alert to splunk, host= value in event) address as variable? There is in splunk documentation few variables but non of them are host. I need to trigger config download from Solar Winds upon change of config. All syslog messages are sent to splunk. So when alert is triggered it would run script ./update $SOURCE_HOST
Splunk Alert with run a script action
337 Views Asked by Datagram.Network At
1
There are 1 best solutions below
Related Questions in SPLUNK
- Splunk metadata information
- Linux command outputs in splunk
- With a regular expression, match letters and numbers but not whitespaces
- break multiline events using LINE_BREAKER
- Running Python Splunk SDK Test Suite
- Incorrect Extraction of fields in Splunk
- ios crash in splunk mint
- How to search a given time range for every day in Splunk?
- Protocol(SSLV3) unsupported issue while retrieving data from Splunk
- How can you filter out direct calls to your API coming from mobile apps rather than web browsers when viewing/parsing IIS logs
- Negative regex in splunk (not using fields)
- How to get negative lookahead in regex to accept more words
- Splunk: column order of csv
- Charting multivariables in Splunk
- How to add condition in splunk data model constraint
Related Questions in SPLUNK-QUERY
- How do I create a Splunk query for unused event types?
- Splunk command to check if current search is greater than x% of previous search
- How to Build Splunk Search Query for below Scenario
- Finding brute force attacks with splunk
- i have 3 columns , total count , pass count , and fail count , how do i write formula in SQL or SPL if fail count is > 8% its development error
- Use sub-second precision on "earliest" in Splunk query
- How to write Splunk query to get first and last request time for each sources along with each source counts in a table output
- How to do compound query with where clause in Splunk?
- SPLUNK enterprise i am trying to calculate results where if > 4% of failure is anomaly?
- Searching for a particular kind of field in Splunk
- Splunk conditional distinct count
- Read Squid access.log with Splunk
- Splunk showing wrong index time
- How to extract alpha-numeric fields in a Splunk query and list them in table form
- Splunk query to extract fields from log data
Related Questions in SPLUNK-SDK
- Splunk Addon builder alert action to store results in to a custom index
- Unable to connect Java with splunk cloud
- Splunk Alert with run a script action
- Splunk cooked format from universal forwarder
- How to only extract match strings from a multi-value field and display in new column in SPLUNK Query
- Splunk limits the results returned by stats list() function
- Replace for loop with forEach function
- Sending Log Data to Splunk using Python
- Splunk Query Recommendation
- How to connect to Splunk API via Python, receiving javascript error
- Recording earliest login time for each day
- Cant connect to splunk using splunk-java sdk with any of TLS Versions
- How do I set TTL for oneshot search in Splunk API using Python?
- Combining the results from 2 indexes in splunk query
- write log entry to splunk via HTTP in python
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
You can trigger an Alert on anything you like. If you want the Alert to run a script, just parse-out the information you need into a field so you can pass it to your script.