Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to change result of alert from gzip to CSV?

dungpv
Explorer
‎07-14-2012 12:55 AM

Hi All,
I have a problem. I create a scheduler search to retrieve a list of IP access to my web server exceeds a certain threadhold, there would be generate an alert. And now, I want create a script to get a list of IP and take to blacklist of firewall a way automatic. Can I write a script to get a list of IP from file result with format is gzip? Please help me solve problem?
Thanks & regards,

Tags (1)
0 Karma
Reply

MHibbin
Influencer
‎07-14-2012 03:26 AM

Perhaps you should look at scripted alerts... here

There are couple of other question you should also look at for hints ...

http://splunk-base.splunk.com/answers/3019/scripted-alert-question

AND

http://splunk-base.splunk.com/answers/40843/alerting-send-ipuser-to-script-as-a-parameter

But generally you should also look to support/forums for your firewall vendor for the actual script sections that will be needed to add firewall rules to the access list.

Hope this helps,

MHibbin

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...