Channel: Questions in topic: "splunk-enterprise"

How do you pass saved search parameters to a Python script?

Hi, I am trying to pass arguments from a savedsearch result to a Python script, and it does not work. Code below.

savedsearches.conf

    [test_search]
    action.log_message = 1
    action.log_message.param.name = $name$
    action.log_message.param.condition = $result.condition$
    action.log_message.param.host = $result.host$
    action.log_message.param.source = $result.source$
    alert.digest_mode = 0
    alert.suppress = 0
    alert.track = 1
    counttype = number of events
    cron_schedule = */1 * * * *
    disabled = 1
    dispatch.earliest_time = -5m
    dispatch.latest_time = now
    enableSched = 1
    quantity = 0
    relation = greater than
    request.ui_dispatch_app = search
    request.ui_dispatch_view = search
    search = index=main host=test_host source=test_source status=* earliest=-2m latest=now | eval condition=if(status!="OK","CRITICAL","OK") | stats last(condition) as condition by host,source

alert_actions.conf

    [log_message]
    is_custom = 1
    label = test
    description = test
    icon_path = appIcon.png
    alert.execute.cmd = test.py
    payload_format = json
    disabled = 0
    param.name =
    param.condition =
    param.host =
    param.source =

test.py

    #!/bin/python
    import json
    import sys
    import os
    import datetime

    timestamp = datetime.datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")
    name = config['name']
    condition = config['condition']
    host = config['host']
    source = config['source']

    f = open('temp.txt', 'w')
    sys.stdout = f
    sys.stderr = f
    print(host, source, name, condition, timestamp)
    f.close()

And I get no output. If I hard-code some values in the script directly, then the file will be written every time the script is triggered.

Expected output:

    ('test_host', 'test_source', 'test_search', 'condition', 'timestamp')

Thank you in advance.

Regards,
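An added example, not part of the original post and not Splunk's own code: with `payload_format = json`, a custom alert action script is started with `--execute` and receives a JSON payload on stdin whose `configuration` object carries the `param.*` values, so nothing named `config` exists until the script parses it. The sketch below does that and strips control characters from the values, since they originate in indexed events; `OUT_PATH` and the helper names are assumptions made for this example.

```python
#!/usr/bin/env python3
import datetime
import json
import sys

REQUIRED = ("host", "source", "name", "condition")
# Assumption: path chosen for this example. Use an absolute path; a relative
# name like temp.txt lands in whatever directory the script is started from.
OUT_PATH = "/tmp/log_message_alert.txt"

def parse_payload(raw):
    """Return the action's param.* values from the JSON payload text."""
    payload = json.loads(raw)
    config = payload.get("configuration", {})
    missing = [k for k in REQUIRED if not config.get(k)]
    if missing:
        raise ValueError("missing alert parameters: " + ", ".join(missing))
    return config

def clean(value, limit=256):
    """Field values come from indexed events, so drop control characters
    (no forged extra lines in the output file) and cap the length."""
    text = "".join(ch for ch in str(value) if ch.isprintable())
    return text[:limit]

def format_record(config, now=None):
    """Build one output line: the four parameters plus a UTC timestamp."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    fields = [clean(config[k]) for k in REQUIRED]
    fields.append(now.strftime("%Y-%m-%dT%H:%M:%SZ"))
    return json.dumps(fields)

def main(argv, stdin):
    # Splunk runs the script as "<script> --execute" with the payload on stdin.
    if len(argv) < 2 or argv[1] != "--execute":
        sys.stderr.write("unsupported execution mode\n")
        return 1
    try:
        record = format_record(parse_payload(stdin.read()))
    except ValueError as exc:  # also raised for invalid JSON
        sys.stderr.write("ERROR %s\n" % exc)
        return 2
    with open(OUT_PATH, "a") as out:
        out.write(record + "\n")
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv, sys.stdin))
```

Messages written to stderr end up in Splunk's own logs, which is where a parsing failure would show up instead of failing silently.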
