Splunk® Enterprise

Developing Views and Apps for Splunk Web

Download manual as PDF

Download topic as PDF

Custom alert action component reference

Review required and optional custom alert action components and app directory structure.

App directory structure

Here is the directory layout of an app that includes a custom alert action.

 
[app_name]
    appserver
        static
            [app_icon].png
            [alternative_icon].png

    bin
        [custom_alert_action_script]

    default
        alert_actions.conf
        app.conf
        restmap.conf
        setup.xml
        data
            ui
                alerts
                    [custom_alert_action].html

    metadata
        default.meta

    README
        alert_actions.conf.spec
        savedsearches.conf.spec

App components

This app directory has the following components.

Component File Description Required?
Logic [custom_alert_action_script] Alert action script or executable file Yes
User interface [custom_alert_action].html HTML file defining the user interface for alert configuration Yes
Alert action configuration alert_actions.conf Registers the custom alert action Yes
Spec files alert_actions.conf.spec Declares alert action parameters Optional
savedsearches.conf.spec Declares alert action parameters configured in the local savedsearches.conf file for the Splunk platform instance. Optional
App configuration app.conf Defines app package and UI information Yes
Icons [app_icon].png One or more icon image file(s) Optional
Setup setup.xml Defines a UI for populating global settings at setup time Optional
Validation restmap.conf Defines validation for parameters declared in savedsearches.conf Optional
Access control metadata default.meta Defines alert action permission and scope Optional


Confidential information storage

Additionally, you can opt to use the password storage endpoint to store confidential information in an encrypted format.

PREVIOUS
Custom alert actions overview
  NEXT
Set up custom alert configuration files

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 7.0.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters