Splunk Dev

Creating my first app/webhook - How do I get the results of the alert and add them to my payload?

paries
Explorer

Hello,
I am a total noob with Splunk and Python.
I have created an app that is similar to the Webhook app.
It is to send a JSON payload to a Glip webhook.
Everything works, except I would like to send the results that generated the alert.

This is my glip.py

import sys, json
import urllib2
import re
from collections import OrderedDict

def url_decode(urlstring):
    return urllib2.unquote(urlstring).decode('utf8')

def decode_all_urls(messagestring):
    urlre = r'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'
    return re.sub(urlre, decode_all_matching_urls, messagestring)

def decode_all_matching_urls(match):
    match = match.group()
    return url_decode(match)

def send_glip_message(settings):
    params = dict()

    # Decode the results link since it was already encoded; otherwise, it will be double encoded
    params['body'] = settings.get('message')
    params['icon'] = settings.get('iconurl')
    params['activity'] = settings.get('activity')
    params['title'] = settings.get('title')


    url = settings.get('webhook_url')

    body = json.dumps(params)
    print >> sys.stderr, 'DEBUG Calling url="%s" with body=%s' % (url, body)
    req = urllib2.Request(url, body, {"Content-Type": "application/json"})
    try:
        res = urllib2.urlopen(req)
        body = res.read()
        print >> sys.stderr, "INFO Glip API responded with HTTP status=%d" % res.code
        print >> sys.stderr, "DEBUG Glip API response: %s" % json.dumps(body)
        return 200 <= res.code < 300
    except urllib2.HTTPError, e:
        print >> sys.stderr, "ERROR Error sending message: %s" % e
        return False


if __name__ == '__main__':
    if len(sys.argv) > 1 and sys.argv[1] == "--execute":
        payload = json.loads(sys.stdin.read())
        config = payload.get('configuration')
        if not send_glip_message(config):
            print >> sys.stderr, "FATAL Sending the glip message failed"

So I am not sure how to get the results of the alert and add them to my payload.
Thanks for any help.

0 Karma
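One way to do this, as an added example that is not part of the original post: the JSON that Splunk writes to a custom alert action's stdin carries, next to `configuration`, a `result` object (the first result row) and `results_file` (path to the gzipped CSV holding all rows). The code is Python 3; `build_glip_params`, `read_result_rows`, `format_rows`, the `fields` allowlist and the two caps are names and values assumed here. The allowlist keeps alert fields that should not leave Splunk out of the message posted to the external webhook.

```python
import csv
import gzip

MAX_ROWS = 5            # assumption: cap on rows forwarded to the chat
MAX_BODY_CHARS = 2000   # assumption: cap on message size


def read_result_rows(results_file, max_rows=MAX_ROWS):
    """Read up to max_rows rows from the gzipped CSV Splunk wrote for this alert."""
    rows = []
    with gzip.open(results_file, 'rt', encoding='utf-8', newline='') as fh:
        for row in csv.DictReader(fh):
            # Drop the internal multi-value helper columns (__mv_<field>)
            rows.append({k: v for k, v in row.items() if not k.startswith('__mv_')})
            if len(rows) >= max_rows:
                break
    return rows


def format_rows(rows, fields=None):
    """Render rows as 'k=v, k=v' lines; 'fields' is an allowlist of columns to include."""
    lines = []
    for row in rows:
        keys = fields or sorted(row)
        lines.append(', '.join('%s=%s' % (k, row.get(k, '')) for k in keys))
    return '\n'.join(lines)


def build_glip_params(payload, fields=None):
    """Build the Glip body from the full alert payload, not only its 'configuration'."""
    config = payload.get('configuration', {})
    results_file = payload.get('results_file')
    if results_file:
        rows = read_result_rows(results_file)
    else:
        first = payload.get('result')        # only the first result row
        rows = [first] if first else []
    body = config.get('message') or ''
    if rows:
        body += '\n' + format_rows(rows, fields)
    return {
        'body': body[:MAX_BODY_CHARS],
        'icon': config.get('iconurl'),
        'activity': config.get('activity'),
        'title': config.get('title'),
    }
```

In `glip.py` this means passing the whole `payload` read from stdin, rather than only `payload.get('configuration')`, to the function that builds the message, and posting `json.dumps` of the returned dict to `webhook_url`.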

markuxProof
Path Finder
0 Karma