All,
I have an alert that runs nightly that reads the distinct databases that have encountered a given event. When the alert is run, I want to pass that list of databases to a python script that will be able to execute logic on each of the values in that list.
Is there a way to do this? Is this what the eighth argument detailed here is used for? I'm unsure as to what format that data will be in though, since I really just want the formatted list of values the search returns.
Thanks!
Yup, the eighth argument is a path to a file containing the raw results, I believe in a .csv.gz archive.
As for the format of the data vs your expectations, just take a look at them at (roughly) $SPLUNK_HOME/var/run/splunk/dispatch/searchid/results.csv.gz on your search head.
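A worked example of what the script on the receiving end of that eighth argument looks like, added here to illustrate the answer above (it is not code from the original thread or from Splunk). It assumes Python 3, that the results file is a gzipped CSV with a header row as described, and that the column holding the database names is called `database`; `process_database` is a placeholder for whatever per-database logic you need. A small constructed results file is written so the script can be tried without a Splunk search head.

```python
import csv
import gzip
import os
import sys
import tempfile


def load_results(path):
    """Read a Splunk results file (gzipped CSV, header row first) into a list of dicts."""
    with gzip.open(path, "rt", newline="") as fh:
        return list(csv.DictReader(fh))


def distinct_values(rows, field):
    """Return the sorted, de-duplicated, non-empty values of one result column."""
    return sorted({row[field] for row in rows if row.get(field)})


def process_database(name):
    # Placeholder for the real per-database logic. Treat the value as data only:
    # never splice it into a shell command line, since it came from search results.
    return "processed %s" % name


def write_sample_results(path, field, values):
    """Write a constructed results.csv.gz (same shape Splunk produces) for offline testing."""
    with gzip.open(path, "wt", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=[field, "count"])
        writer.writeheader()
        for value in values:
            writer.writerow({field: value, "count": "1"})


def run(results_path, field="database"):
    """Load the results file and apply process_database to each distinct value."""
    rows = load_results(results_path)
    return [process_database(db) for db in distinct_values(rows, field)]


if __name__ == "__main__":
    # Under a scripted alert Splunk passes the results file path as the eighth argument,
    # i.e. sys.argv[8]. When run by hand, fall back to a constructed sample file instead.
    if len(sys.argv) > 8 and os.path.exists(sys.argv[8]):
        path = sys.argv[8]
    else:
        path = os.path.join(tempfile.mkdtemp(), "results.csv.gz")
        write_sample_results(path, "database", ["orders", "billing", "orders", ""])
    for line in run(path):
        print(line)
```

Assumed field name aside, the only Splunk-specific part is reading `sys.argv[8]`; everything after that is plain CSV handling, so the same script can be run against a copy of a real `results.csv.gz` pulled from the dispatch directory to check that the column names match what the alert search actually emits.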
I'll give this a shot. Thanks!
I just checked and it is a .gzip online.
That is awesome, good response.
For anyone curious, the documentation is here:
http://docs.splunk.com/Documentation/Splunk/5.0/Alert/Configuringscriptedalerts