Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

invoking alert action from spl query or command line

khreddy
Explorer
‎03-02-2021 10:40 AM

I have a parameterized query which returns results.

I have an alert action to send the results to some location as configurable item

Based on the different criterion.....I should call the alert action passing different location values.

I am currently creating manually all the different criterion wrappers and attach specific location values.

If there is a way either in spl or command line to call the alert action on top of the results returned then instead of creating wrapper savedsearches, I could easily script and pass appropriate values and invoke the splunk command to execute the spl.

In nutshell:

Calling alert action from spl or using command line on the query results.

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...