Solved: Splunk Add-on Builder: When editing the script, ho...

larryleeroberts · ‎02-02-2017

I am working on the Splunk Add-On Builder and so far really liking it. It's making me learn Python 🙂
I do have one question though that I can not seem to find an answer too. When I am editing the script in the Add-On Builder, how can I go about logging specific things to Splunk that can be searched for?

For example, I am building a customized alert. When used, I would like to log to Splunk something like...
"Splunk alert for was triggered on "

I would also like to specify the source.

I can not seem to find any example of this. Can anyone provide a code example?

Thank you!

larryleeroberts · ‎02-02-2017

Found my own answer looking right at me 🙂
helper.addevent("hello", sourcetype="sample_sourcetype")
helper.addevent("world", sourcetype="sample_sourcetype")
helper.writeevents(index="summary", host="localhost", source="localhost")

View solution in original post

ehaddad_splunk · ‎02-02-2017

The above helper functions are to index the data.
If you want your alert action to log info to internal logs, you can use
helper.log_info("my info message")
helper.log_error("my error message")
There are example of helper.log_info in commented area that you can leverage

larryleeroberts · ‎02-03-2017

Thanks!!!!

larryleeroberts · ‎02-02-2017

Found my own answer looking right at me 🙂
helper.addevent("hello", sourcetype="sample_sourcetype")
helper.addevent("world", sourcetype="sample_sourcetype")
helper.writeevents(index="summary", host="localhost", source="localhost")

Splunk Add-on Builder: When editing the script, how can I go about logging specific things to Splunk that can be searched for?

Archived Metrics Now Available for APAC and EMEA realms

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!