
Use the Notable Event Actions SDK
The Notable Event Actions SDK comes packaged with ITSI and is located in $SPLUNK_HOME/etc/apps/SA-ITOA/lib/itsi/event_management/sdk. The SDK is implemented in Python and includes:
- Methods for custom actions on ITSI episodes: class CustomGroupActionBase in custom_group_action_base.py
- Methods for working on an ITSI episode post-custom action: class EventGroup in grouping.py
- Methods for finding metadata for ITSI notable events: class EventMeta in eventing.py
- Methods for finding metadata for ITSI episodes: class GroupMeta in grouping.py
Custom actions require a class that derives from CustomGroupActionBase and implements the execute() method. The __init__() method of your class needs to initialize the base class CustomGroupActionBase.
For more information, see the Notable Event Actions SDK reference in this manual.
The following is a summary of the custom action Ping Host that ships with ITSI:
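    import logging
    import sys

    # Assumes $SPLUNK_HOME/etc/apps/SA-ITOA/lib is on sys.path.
    from itsi.event_management.sdk.custom_group_action_base import CustomGroupActionBase
    from itsi.event_management.sdk.grouping import EventGroup


    class Ping(CustomGroupActionBase):
        def __init__(self, settings):
            # The logger must exist before it is passed to the base class.
            # A standard-library logger is used here; the summary does not
            # show how the shipped action sets up logging.
            self.logger = logging.getLogger(__name__)
            # initialize CustomGroupActionBase
            super(Ping, self).__init__(settings, self.logger)

        def get_host_to_ping(self):
            # from input settings, fetch host to ping
            # some logic is abstracted in custom_event_action_base.py
            ...
            return host

        def ping(self, host):
            # does the act of pinging the host
            ...
            return std_out, std_err

        def execute(self):
            # has all the logic of ping in here...
            host = self.get_host_to_ping()
            std_out, std_err = self.ping(host)

            # do other stuff here, like add a comment to an ITSI episode
            # or add a few tags, and so on....
            # change the state of the episode....
            # Illustrative comment text; the summary leaves it undefined.
            comment = 'Ping results for %s' % host
            for data in self.get_group():
                group_id = data.get('itsi_group_id')
                group = EventGroup(self.get_session_key(), self.logger)
                group.create_comment(group_id, comment)
                group.create_comment(group_id, std_out)
                group.create_tag(group_id, 'ping')
            return


    if __name__ == '__main__':
        if len(sys.argv) > 1 and sys.argv[1] == '--execute':
            input_params = sys.stdin.read()
            ping = Ping(input_params)
            ping.execute()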
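The summary elides the body of ping(), and the host it receives comes from the action's input settings, so it should be validated before it reaches a command line. The following is an added example, not the code that ships with ITSI: one way to validate the host and run ping without a shell. The names validate_host, build_ping_argv and run_ping are hypothetical, and it assumes Python 3.7 or later and a POSIX ping that accepts -c.

```python
import ipaddress
import re
import subprocess

# RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r'(?!-)[A-Za-z0-9-]{1,63}(?<!-)')


def validate_host(value):
    """Return a normalized IP literal or hostname, or raise ValueError."""
    if not isinstance(value, str):
        raise ValueError('host must be a string')
    host = value.strip()
    if not host or len(host) > 253:
        raise ValueError('host is empty or too long')
    try:
        return str(ipaddress.ip_address(host))  # IPv4 or IPv6 literal
    except ValueError:
        pass  # not an IP literal; fall through to hostname rules
    name = host.rstrip('.')
    labels = name.split('.')
    # fullmatch() rejects shell metacharacters, whitespace, embedded newlines
    # and anything starting with '-' that ping could read as an option.
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError('not a valid hostname or IP: %r' % host)
    # A numeric last label means a malformed IP such as "1.2.3", not a name.
    if labels[-1].isdigit():
        raise ValueError('malformed IP address: %r' % host)
    return name


def build_ping_argv(host, count=2):
    """Argument list for ping; the host is always validated first."""
    return ['ping', '-c', str(int(count)), validate_host(host)]


def run_ping(host, count=2, timeout=10):
    """Run ping as an argument list (no shell); return (stdout, stderr)."""
    proc = subprocess.run(build_ping_argv(host, count), capture_output=True,
                          text=True, timeout=timeout)
    return proc.stdout, proc.stderr
```

A ValueError from validate_host is the point at which a custom action can log the rejected value and stop, instead of writing ping output to the episode.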
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5