1

Is there any way to run external script with source IP (source IP of device which sent alert to splunk, host= value in event) address as variable? There is in splunk documentation few variables but non of them are host. I need to trigger config download from Solar Winds upon change of config. All syslog messages are sent to splunk. So when alert is triggered it would run script ./update $SOURCE_HOST

Datagram.Network
  • 111
  • 3

1 Answers1

0

You can trigger an Alert on anything you like. If you want the Alert to run a script, just parse-out the information you need into a field so you can pass it to your script.

warren
  • 32,620
  • 21
  • 85
  • 124