I'm trying to get familiar with Splunk's Python SDK via the provided examples. However, I'm struggling to understand the format expected for actions when creating saved searches.
$ ./saved_search.py --operation=create --name=api_test_email --search="unique" --actions=email --action.email.to="user@example.org" --action.email.sender="splunkbot"
Usage: saved_search.py --help for options
saved_search.py: error: no such option: --action.email.to
The help states:
> "action...": {
> 'flags': ["--action.."],
> 'help': " A key/value pair that is specific to the action_type. For example, if actions contains email, then the following keys would be necessary: action.email.to=foo@splunk.com and action.email.sender=splunkbot. For scripts: action.script.filename=doodle.py (note: script is run from $SPLUNK_HOME/bin/scripts/)"
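An added example, not part of the original post and not the SDK's own `saved_search.py`: one way to collect the dotted `action.*` key/value pairs described in the help text and hand them to splunklib's `service.saved_searches.create(name, search, **kwargs)`. The helper names `collect_action_args` and `create_saved_search` are hypothetical, `service` is assumed to be an already connected `splunklib.client.Service`, and the sample arguments are constructed from the command line above.

```python
# Added example: hypothetical helpers, not code from the Splunk SDK examples.

def collect_action_args(argv):
    """Turn --key=value arguments into kwargs, allowing dotted action.* keys."""
    kwargs = {}
    for arg in argv:
        if not arg.startswith("--") or "=" not in arg:
            raise ValueError("expected --key=value, got %r" % arg)
        key, value = arg[2:].split("=", 1)
        kwargs[key] = value

    # Action types enabled through --actions (comma-separated, e.g. "email,script").
    enabled = {a.strip() for a in kwargs.get("actions", "").split(",") if a.strip()}
    for key in kwargs:
        if not key.startswith("action."):
            continue
        parts = key.split(".", 2)  # action.<action_type>.<setting>
        if len(parts) != 3 or not parts[2]:
            raise ValueError("malformed action key: %r" % key)
        if parts[1] not in enabled:
            raise ValueError("%r set but %r is not in --actions" % (key, parts[1]))
    return kwargs


def create_saved_search(service, argv):
    """Create a saved search on a connected splunklib Service object."""
    kwargs = collect_action_args(argv)
    kwargs.pop("operation", None)  # CLI-only switch, not a saved-search field
    name = kwargs.pop("name")
    search = kwargs.pop("search")
    # Dotted keys are not valid Python identifiers, so pass them by unpacking.
    return service.saved_searches.create(name, search, **kwargs)


# Constructed sample input, mirroring the command line in the post.
SAMPLE_ARGV = [
    "--operation=create",
    "--name=api_test_email",
    "--search=unique",
    "--actions=email",
    "--action.email.to=user@example.org",
    "--action.email.sender=splunkbot",
]
```
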