I have a advanced alert in which we are firing off an external application. What I want to do is send some additional data to this external application by running a SQL (or SWQL...which ever works), how can I make this happen?
Here is the query:
SELECT Syslog.Hostname_UNICODE, Syslog.Message FROM Syslog
where Syslog.MessageType LIKE '%AAA-4-LOGIN_FAILED%' and Syslog.DateTime >= DATEADD(Minute, -5, GetDate())
Trigger Action Command String:
E:\Tools\CreateTicket.exe ${SQL: SELECT Syslog.Hostname_UNICODE, Syslog.Message FROM Syslogwhere Syslog.MessageType LIKE '%AAA-4-LOGIN_FAILED%' and Syslog.DateTime >= DATEADD(Minute, -5, GetDate())}"