Splunk® Enterprise

Developing Views and Apps for Splunk Web

Acrobat logo Download manual as PDF

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
Acrobat logo Download topic as PDF

Custom alert action component reference

Review required and optional custom alert action components and app directory structure.

App directory structure

Here is the directory layout of an app that includes a custom alert action.






App components

This app directory has the following components.

Component File Description Required?
Logic [custom_alert_action_script] Alert action script or executable file Yes
User interface [custom_alert_action].html HTML file defining the user interface for alert configuration Yes
Alert action configuration alert_actions.conf Registers the custom alert action Yes
Spec files alert_actions.conf.spec Declares alert action parameters Optional
savedsearches.conf.spec Declares alert action parameters configured in the local savedsearches.conf file for the Splunk platform instance. Optional
App configuration app.conf Defines app package and UI information Yes
Icons [app_icon].png One or more icon image file(s) Optional
Setup setup.xml Defines a UI for populating global settings at setup time Optional
Validation restmap.conf Defines validation for parameters declared in savedsearches.conf Optional
Access control metadata default.meta Defines alert action permission and scope Optional

Confidential information storage

Additionally, you can opt to use the password storage endpoint to store confidential information in an encrypted format. See Confidential information storage.

Last modified on 10 April, 2021
Custom alert actions overview
Set up custom alert configuration files

This documentation applies to the following versions of Splunk® Enterprise: 6.5.7, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.0.0, 7.3.3, 7.3.4, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 9.0.0, 7.3.5, 7.3.6, 7.3.7

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters