Re: How send splunk alerts to netcool?

romattos · ‎03-11-2020

How Can I send alerts from splunk to netcool ? The splunk is able to send alerts to netcool omnibus?

gcusello · ‎03-11-2020

Hi @romattos,
are yu speaking of IBM netcool?
Did you already explored the SNMP Splunk MA App for Netcool ( https://splunkbase.splunk.com/app/3596/ ) ?

otherwise it isn't so easy because, following the instructions at https://docs.splunk.com/Documentation/Splunk/6.2.1/alert/SendingSNMPtrapstoothersystems (as you can see it's old!), you have to create a perl script because in the 0 fields related to a fired alert you can find the url of a zipped files that contains the results of the search but you cannot send it to Netcool and you have to unzip it and add to one of the eight fields.

Ciao.
Giuseppe

romattos · ‎03-11-2020

Hi Giuseppe.

Yes . I want to send to IBM Netcool Omnibus. Is it possible? Do you have more details?

Thanks!!

hgehrts_splunk · ‎03-11-2020

Hi!
yes, it's possible. And there are several ways of doing this. The easiest might be
https://docs.splunk.com/Documentation/Splunk/8.0.2/Alert/AlertWorkflowOverview
where an alert action triggers a script that sends information into an Omnibus Probe.

best
Henning

How send splunk alerts to netcool?

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!