Community:Use Splunk alerts with scripts to create a ticket in your ticketing system
From Splunk Wiki
Generate a ticket in your ticketing system from a Splunk alert
You can take any Splunk saved search and tell it to use a script to create a ticket in a system (such as Remedy) based on the search results.
To do this, set up your saved search, put it on a schedule, and set the action to trigger a shell script you've written whenever the number of events you're interested in is > 0.
Put your script (not the Remedy script) in
This script should call the Java program that Remedy uses to generate tickets and pass it data from the Splunk alert. Splunk alerts support the following variables:
- $1 = number of events returned
- $2 = search terms
- $3 = fully qualified search string
- $4 = name of the saved search
- $5 = the reason the action/script was triggered (for example, the number of events returned was >1)
- $6 = a link to the saved search in Splunk
- $7 = a list of the tags belonging to this saved search (this option was removed starting in Splunk 3.6)
- $8 = path to a file where the raw results of this search are located (as opposed to passing the actual results into the ticket, which could be a lot of data).
The following example script passes the reason the script was triggered, a link to the saved search, and the path to the search results file into the ticket that the generateRemedyTicket Remedy script creates when it's run.
```sh
#!/bin/sh
# Pass the trigger reason ($5), the saved-search link ($6) and the results
# file path ($8) to the Remedy ticket generator. Each argument is quoted so
# values containing spaces reach the Java program as a single argument.
/usr/bin/java /var/run/generateRemedyTicket "$5" "$6" "$8"
```
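As an added example (not from the wiki page or the Remedy integration), the script below builds a ticket body from the eight arguments Splunk passes, referencing the results file by path rather than embedding it, and refusing to run if that file is missing. The create_ticket command named in the comment, the sample arguments and the results file are all assumed here for illustration.

```sh
#!/bin/sh
# Added example: a Splunk alert script that turns the positional arguments
# described above into a ticket body. Every value is quoted, so search strings
# with spaces or shell metacharacters are never word-split or interpreted.

# build_ticket_summary COUNT TERMS QUERY NAME REASON LINK TAGS RESULTS_FILE
# Prints a multi-line ticket body. Only the row count of the results file is
# embedded, so a large result set never floods the ticket.
build_ticket_summary() {
    count="$1"; terms="$2"; query="$3"; name="$4"
    reason="$5"; link="$6"; results="$8"

    # Refuse anything that is not a regular, readable results file.
    if [ ! -f "$results" ] || [ ! -r "$results" ]; then
        printf 'results file missing or unreadable: %s\n' "$results" >&2
        return 1
    fi
    # Assumes a plain CSV with one header line (the constructed sample below).
    lines=$(wc -l < "$results")
    rows=$((lines - 1))
    if [ "$rows" -lt 0 ]; then rows=0; fi

    printf 'Summary: Splunk alert "%s" fired (%s events)\n' "$name" "$count"
    printf 'Reason: %s\n' "$reason"
    printf 'Search: %s\n' "$query"
    printf 'Search terms: %s\n' "$terms"
    printf 'Link: %s\n' "$link"
    printf 'Results file: %s (%s rows)\n' "$results" "$rows"
}

# Constructed sample results file, standing in for the file Splunk names in $8.
RESULTS_FILE="${TMPDIR:-/tmp}/splunk_alert_example_$$.csv"
printf '_time,host,source\n2024-01-01T00:00:00,web01,/var/log/auth.log\n2024-01-01T00:00:05,web02,/var/log/auth.log\n' > "$RESULTS_FILE"
trap 'rm -f "$RESULTS_FILE"' EXIT

# Under Splunk, "$@" carries the real arguments and the body would be piped
# to the ticketing command, e.g.: build_ticket_summary "$@" | create_ticket
# (create_ticket is a hypothetical placeholder). Stand-alone, use sample input.
if [ "$#" -eq 8 ]; then
    build_ticket_summary "$@"
else
    build_ticket_summary 2 'failed password' \
        'search sourcetype=auth "failed password"' 'SSH brute force' \
        'The number of events was greater than 0' \
        'https://splunk.example.invalid/app/search/saved' '' "$RESULTS_FILE"
fi
```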
Watch Will Hayes walk through the process in this video.