Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Link to alert result needed as a variable

damucka
Builder
‎03-11-2020 01:26 AM

Hello,

I would like to get the link to the alert results under a variable, possibly already during the alert base search (at the end of it). Is it possible?
Basically I need sth like what I get from Activity --> Triggered Alerts --> View Results, e.g.:

https://splunk-ml.zone1.mo.sap.corp/en-US/app/mlbso/search?sid=scheduler__d046266__mlbso__RMD588cf20... ..... etc, etc.

but already at the end of the alert search, that I can set a variable out of it.
The reason is, that I need to integrate my alerts to another tool and there I have a very limited possibility of using texts, so there is no chance to build the output like in Splunk.
What I thought would be best, was to pass the link to the alert results that the alert processor can access splunk directly. For that I need this result link in some kind of variable set with eval ...

Is it possible?

Kind Regards,
Kamil

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎03-11-2020 04:17 AM

In Custom Alert action payload you can find results_link which contain Splunk Web Job result link . See example https://docs.splunk.com/Documentation/Splunk/8.0.2/AdvancedDev/ModAlertsBasicExample

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎03-11-2020 04:17 AM

In Custom Alert action payload you can find results_link which contain Splunk Web Job result link . See example https://docs.splunk.com/Documentation/Splunk/8.0.2/AdvancedDev/ModAlertsBasicExample

0 Karma
Reply
Solved! Jump to solution

damucka
Builder
‎03-13-2020 04:57 AM

Thank you.

0 Karma
Reply
Solved! Jump to solution

damucka
Builder
‎03-18-2020 04:25 AM

Could you please convert your answer that I can accept it?

0 Karma
Reply
Solved! Jump to solution

harsmarvania57
Ultra Champion
‎03-18-2020 04:56 AM

Done, thanks.

0 Karma
Reply
Solved! Jump to solution

harsmarvania57
Ultra Champion
‎03-11-2020 02:12 AM

Are you planning to use Custom Alert Action to send results to 3rd party tool ?

0 Karma
Reply
Solved! Jump to solution

damucka
Builder
‎03-11-2020 04:13 AM

Yes, we wrote one in python and we choose it from the drop down list of the actions.

Kind Regards,
Kamil

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...