- Splunk Answers
- :
- Using Splunk
- :
- Reporting
- :
- Re: Is it possible to do a search as a background ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it possible to do a search as a background job and webhook to my API when it completes?
Hi,
I am trying to automate a Splunk search and export the result to our database. Is it possible to do a search as a background job and webhook it to my API when it completes?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@AkhilKrishnaA,
You could create a scheduled alert and set webhook in the alert actions
https://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Alert/Definescheduledalerts
http://docs.splunk.com/Documentation/Splunk/7.1.2/Alert/Webhooks
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
But which condition can I check to trigger webhook. On which index can I check the status of job.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk sends the alert once the search is completed. So you could set the trigger condition based on your requirements , for e.g. "number of results" greater than 0 or number of hosts or even some custom conditions . Please see : http://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Alert/AlertTriggerConditions#Workflow_for_tri...
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
which Index should I check? Is it possible to create an alert using Java SDK?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@AkhilKrishnaA, you search your normal data index and then set it as a scheduled search and port the results to your database.
Please refer to these documents : https://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Alert/Definescheduledalerts
http://docs.splunk.com/Documentation/Splunk/7.1.2/Alert/Webhooks
Java SDK : http://dev.splunk.com/view/java-sdk/SP-CAAAEKY
What goes around comes around. If it helps, hit it with Karma 🙂
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
