
Python SDK: Is it possible to generate a Splunk alert based on a triggered Python script?

abarik
New Member

Hi,
I would first like to explain my requirement: ultimately, I want to generate an alert (email) based on two conditions:

  1. Certain syslog message pattern is seen on a device
  2. After logging into the device, and giving some verification commands, certain output is seen

I understand that Splunk can do the 1st part (generating an alert based on a syslog message) very well, but it can't do the 2nd part (logging into a device, executing some commands and taking action based on the output).

That's why I would like to run a Python script that does the 2nd part.

To summarize, I just want to know if I can do the following:

  1. When a syslog message appears on a device, that should trigger a Python script (I know this is possible)
  2. The Python script will log in to the router and execute some commands (not a Splunk requirement)
  3. Based on the output of those commands, the Python script should be able to tell Splunk to generate an alert (is this possible with the Splunk Python SDK?)

I hope I have made it clear,
Thanks,

0 Karma

cschmidt0121
Path Finder

You could make a search that alerts every time it is run and run that from the Python script. Of course that wouldn't be able to receive input based on the commands run by the script.

If you're just looking for an e-mail alert, it might be easier to just e-mail directly from the Python script.

0 Karma
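Added example (not code from either poster) of the first approach the answer describes: the script checks the router's command output against verification rules and, only when something matches, dispatches a saved search through the Splunk Python SDK. It assumes a saved search named `router_verification_alert` already exists, is configured to alert on every run and has an email action, that `splunk-sdk` is installed, and that the `VERIFY_RULES` patterns and the `$reasons$` token are placeholders you adapt to your device.

```python
import re
from typing import Mapping

# Constructed sample of what the router printed after a verification command
# (hypothetical output; not from the original post).
SAMPLE_CLI_OUTPUT = """\
GigabitEthernet0/1 is up, line protocol is down
  5 minute input rate 0 bits/sec
  1234 input errors, 0 CRC
"""

# Hypothetical verification rules: regex -> reason recorded in the alert.
VERIFY_RULES = {
    r"line protocol is down": "line protocol down",
    r"[1-9]\d* input errors": "input errors present",
}


def verify_output(cli_output: str, rules: Mapping[str, str] = VERIFY_RULES) -> list:
    """Return the reasons whose pattern matched the device output (empty list = healthy)."""
    return [reason for pattern, reason in rules.items() if re.search(pattern, cli_output)]


def trigger_splunk_alert(service, saved_search_name: str, reasons: list):
    """Dispatch a saved search that is set up to alert on every run.

    `service` is a splunklib.client.Service or any stand-in exposing .saved_searches.
    Returns the dispatched job, or None when there was nothing to alert on."""
    if not reasons:
        return None
    # trigger_actions=1 makes the REST dispatch fire the alert's actions (email etc.);
    # a plain dispatch only runs the search. args.* substitutes $reasons$ in the saved
    # search so the email carries the findings (assumed token name).
    return service.saved_searches[saved_search_name].dispatch(
        trigger_actions=1, **{"args.reasons": "; ".join(reasons)}
    )


def run_check(service, cli_output: str = SAMPLE_CLI_OUTPUT) -> list:
    """Glue the two steps together; returns the reasons so callers can log them."""
    reasons = verify_output(cli_output)
    trigger_splunk_alert(service, "router_verification_alert", reasons)  # hypothetical name
    return reasons


if __name__ == "__main__":
    # Live use (imported lazily so the module also loads without the SDK installed).
    import splunklib.client as client  # pip install splunk-sdk
    svc = client.connect(host="splunk.example", port=8089,
                         username="alert_bot", password="PLACEHOLDER")
    print(run_check(svc))
```

Give the dispatching account only the capability to dispatch that one saved search rather than admin rights, and keep the credentials out of the script (environment variable or a secrets store).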