Hi,
Long story short I'd like to know if it's possible to pass search results through a script to another system (HP's Operations Orchestration in this case)? I've seen from this link:
http://www.splunk.com/base/Documentation/latest/Admin/Configurescriptedalerts
that you can pass just about everything but the actual results through. It looks like the best thing to do is have HP OO go and read the file that Splunk creates, but it's a gz file, isn't it? I think OO can read csv, but not so sure about gz.
Any suggestions on how to do this? Here's our use case:
Splunk runs a scheduled search on /32 route withdrawn messages. This catches circuit bounces for any non-redundant sites and forwards them on (currently) to our HP Network Node Manager iseries application. Problem is, all that does is basically say "Hey go look at Splunk/your email to see why I alerted."
With HP OO, I am able to directly generate an incident in HP NNMi complete with correct source node and everything. HP OO is also able to parse data before it does this, which I'd like it to do. But it needs the data in the first place.
Thanks!
Scott