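DIRNAME=$(basename "$DIRPATH")
DESTFILE="$DIRNAME.csv.gz"
cp "$8" "/mnt/archive/alert_action_example_output/$DESTFILE"
URL="http://mymonitoringsystem.mygreatcompany/open_ticket.cgi"
echo "Calling $URL with name=$4 count=$1 filename=$DESTFILE"
# Let curl URL-encode each value: the search name ($4) can contain spaces or &
curl --get --data-urlencode "name=$4" --data-urlencode "count=$1" \
     --data-urlencode "filename=$DESTFILE" "$URL"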
You would then place your script in $SPLUNK_HOME/bin/scripts on the server
that will execute the script and refer to the script by name in Alert actions. If you
have a distributed Splunk environment, the server that executes the scripts will
be your search head.
If you need to perform an action for each row of results, then your script will need
to open the results. The following is a Python script that loops over the contents
of the gzip file and posts the results to a ticketing system, including a JSON
representation of the event:
#!/usr/bin/env python
import sys
from csv import DictReader
import gzip
import urllib
import urllib2
import json

# our ticket system url
open_ticket_url = "http://ticketsystem.mygreatcompany/ticket"
# open the gzip as a file
f = gzip.open(sys.argv[8], 'rb')
# create our csv reader
reader = DictReader(f)
for event in reader:
    fields = {'json': json.dumps(event),
              'name': sys.argv[4],
              'count': sys.argv[1]}
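The listing above stops on this page once the fields dictionary is built. The following is an added example, not code from the original text: a Python 3 sketch of the per-row loop that form-encodes each row before it is posted, so values that came from indexed log data cannot alter the request. The encoding step, the injectable send callback, the function names and the sample rows are assumptions made for the illustration.

```python
import csv
import gzip
import json
import os
import tempfile
from urllib.parse import parse_qs, urlencode

# Endpoint name taken from the page's script.
OPEN_TICKET_URL = "http://ticketsystem.mygreatcompany/ticket"


def build_ticket_requests(argv):
    """Yield (url, body) per result row: argv[1]=count, argv[4]=search name,
    argv[8]=path of the gzipped CSV results, as in the page's script."""
    count, name, results_path = argv[1], argv[4], argv[8]
    # Text mode with newline="" lets csv handle quoted newlines in fields.
    with gzip.open(results_path, "rt", encoding="utf-8", newline="") as f:
        for event in csv.DictReader(f):
            fields = {"json": json.dumps(event), "name": name, "count": count}
            # urlencode escapes &, = and spaces: log text cannot add parameters.
            yield OPEN_TICKET_URL, urlencode(fields).encode("ascii")


def post_tickets(argv, send):
    """Pass each request to send(url, body); return the number sent."""
    sent = 0
    for url, body in build_ticket_requests(argv):
        send(url, body)
        sent += 1
    return sent


def demo():
    """Run against a constructed results file; nothing leaves the machine."""
    rows = [{"host": "web01", "_raw": "GET /a?x=1&name=spoofed HTTP/1.1"},
            {"host": "web02", "_raw": 'line one\nline "two"'}]
    path = os.path.join(tempfile.mkdtemp(), "results.csv.gz")
    with gzip.open(path, "wt", encoding="utf-8", newline="") as f:
        writer = csv.DictWriter(f, fieldnames=["host", "_raw"])
        writer.writeheader()
        writer.writerows(rows)
    argv = ["script", "2", "", "", "Errors & 5xx", "", "", "", path]
    captured = []
    sent = post_tickets(argv, lambda url, body: captured.append(body))
    params = [parse_qs(b.decode("ascii")) for b in captured]
    return rows, sent, params, [json.loads(p["json"][0]) for p in params]
```

To send for real, pass a send callback that calls urllib.request.urlopen(url, data=body, timeout=10). An HTTPS endpoint is preferable, since each body carries raw event data.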
 