Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Alerting
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Alerting
- :
- Re: How to create a python script that generates a...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Federica_92
Communicator
02-09-2015
07:23 AM
Hi,
I'm new to splunk sdk so, forgive me if my question is obvious.
I'm trying to create a python script that runs a search job every minutes and give an alert if the number of events is 0.
I'm starting with the connection:
import splunklib.client as client
HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "changeme"
//Create a Service instance and log in
service = client.connect(
host=HOST,
port=PORT,
username=USERNAME,
password=PASSWORD)
myquery = "*"
mysearchname = "hello"
//Check if this already exist
//mysavedsearch = service.saved_searches.create(mysearchname, myquery)
mysavedsearch = service.saved_searches["hello"]
kwargs = {"description": "This is a test search",
"is_scheduled": True,
"cron_schedule": "*/5 * * * * ",}
mysavedsearch.update(**kwargs).refresh()
print "Description: ", mysavedsearch["description"]
print "Is scheduled: ", mysavedsearch["is_scheduled"]
print "Cron schedule: ", mysavedsearch["cron_schedule"]
print "Next scheduled time: ", mysavedsearch["next_scheduled_time"]
Ok but how do I set the parameters of the alert?
Could someone confirm if this is correct?
Thank you in advance
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Federica_92
Communicator
02-10-2015
04:34 AM
In the end, this is my code and work
import splunklib.client as client
HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "changeme"
# Create a Service instance and log in
service = client.connect(
host=HOST,
port=PORT,
username=USERNAME,
password=PASSWORD)
# Variables
myquery = "index=main | transaction dc(host) by host"
mysearchname = "h1"
a=0
# Create the search
savedsearches = service.saved_searches
for savedsearch in savedsearches:
if (savedsearch.name=="h1"): a=1
if a==0: mysavedsearch = service.saved_searches.create(mysearchname, myquery)
# Edit the search
mysavedsearch = service.saved_searches["h1"]
kwargs = {"description": "This is a search",
"is_scheduled": True,
"cron_schedule": "*/1 * * * * ",
"alert.track":1,
"alert_comparator":"greater than",
"alert_type":"number of events",
"alert_threshold":0,
"alert.severity":5,
}
mysavedsearch.update(**kwargs).refresh()
print "Description: ", mysavedsearch["description"]
print "Is scheduled: ", mysavedsearch["is_scheduled"]
print "Cron schedule: ", mysavedsearch["cron_schedule"]
print "Next scheduled time: ", mysavedsearch["next_scheduled_time"]
print "Alert track ", mysavedsearch["alert.track"]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
k_harini
Communicator
06-04-2017
01:57 AM
How are you calling this script? Is it through scripted input? I have similar requirement. Please help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Federica_92
Communicator
02-10-2015
04:34 AM
In the end, this is my code and work
import splunklib.client as client
HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "changeme"
# Create a Service instance and log in
service = client.connect(
host=HOST,
port=PORT,
username=USERNAME,
password=PASSWORD)
# Variables
myquery = "index=main | transaction dc(host) by host"
mysearchname = "h1"
a=0
# Create the search
savedsearches = service.saved_searches
for savedsearch in savedsearches:
if (savedsearch.name=="h1"): a=1
if a==0: mysavedsearch = service.saved_searches.create(mysearchname, myquery)
# Edit the search
mysavedsearch = service.saved_searches["h1"]
kwargs = {"description": "This is a search",
"is_scheduled": True,
"cron_schedule": "*/1 * * * * ",
"alert.track":1,
"alert_comparator":"greater than",
"alert_type":"number of events",
"alert_threshold":0,
"alert.severity":5,
}
mysavedsearch.update(**kwargs).refresh()
print "Description: ", mysavedsearch["description"]
print "Is scheduled: ", mysavedsearch["is_scheduled"]
print "Cron schedule: ", mysavedsearch["cron_schedule"]
print "Next scheduled time: ", mysavedsearch["next_scheduled_time"]
print "Alert track ", mysavedsearch["alert.track"]
Get Updates on the Splunk Community!
Join Us for Splunk University and Get Your Bootcamp Game On!
If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...
.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!
.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...
Announcing Scheduled Export GA for Dashboard Studio
We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...
