Splunk® IT Service Intelligence

Administration Manual

Acrobat logo Download manual as PDF


Splunk IT Service Intelligence version 4.2.x will no longer be supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Before you upgrade IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. Click here for the latest version.
Acrobat logo Download topic as PDF

Use the Notable Event Actions SDK

The Notable Events Action SDK comes packaged with ITSI and is located in $SPLUNK_HOME/etc/apps/SA-ITOA/lib/itsi/event_management/sdk. The SDK is implemented in Python and includes:

  1. Methods for a Custom Action on an ITSI notable event: class CustomEventActionBase in custom_event_action_base.py
  2. Methods for working on an ITSI notable event post-custom action: class Event in eventing.py
  3. Methods for finding metadata for ITSI notable events: class EventMeta in eventing.py

Custom actions require a class that derives from CustomEventActionBase and implements the execute() method. The _init_() method of your class needs to initialize the base class CustomEventActionBase.

For more information, see the Notable events action SDK reference in this manual.

The following is a summary of the custom action Ping Host that ships with ITSI:

Because individual notable events are immutable in version 4.0.0 and later, you must pass the unique ID of an episode (itsi_group_id) instead of the ID of an individual notable event. Therefore, the previously event_id parameter is now itsi_group_id in the example below.

class Ping(CustomEventActionBase):
    def __init__(self, settings):
        # initialize CustomEventActionBase
        super(Ping, self).__init__(settings, self.logger)
   
    def get_host_to_ping(self):
       # from input settings, fetch host to ping
       # some logic is abstracted in custom_event_action_base.py
       ...
       return host

    def ping(self, host):
        #does the act of pinging the host
        ...
    def execute(self):
        # has all the logic of ping in here...
        host = self.get_host_to_ping()
        std_out, std_err = self.ping(host)
        
        # do other stuff here, like add a comment to an ITSI episode
        # or add a few tags, and so on....
        # change the state of the episode....
        for data in self.get_event():
            itsi_group_id = data.get('itsi_group_id')
            event = Event(self.get_session_key(), self.logger)
            event.create_comment(itsi_group_id, comment)
            event.create_comment(itsi_group_id, out)
            event.create_tag(itsi_group_id, 'ping')
        return

if __name__=='__main__':
    if len(sys.argv) > 1 and sys.argv[1] == '--execute':
        input_params = sys.stdin.read()
        ping = Ping(input_params)
        ping.execute()
Last modified on 30 July, 2019
PREVIOUS
web.conf 		  NEXT
Notable Event Actions SDK reference

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters