- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Does Slack Notification Alert app work with Sp...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had the Slack Notification Alert app installed in my instance of Splunk Cloud by the support team, as they require. I added the Webhook URL in Setup Slack Alerts.
When I run sendalert manually the message shows up in #mychannel:
search blahblahblah | sendalert slack param.channel="#mychannel" param.message="Found blahblahblah"
I set up a scheduled alert, added Slack as an action, and added #mychannel, but I never get the message and these errors are in splunkd.log (sensitive info removed):
04-04-2018 17:00:03.252 +0000 ERROR SearchScheduler - Error in 'sendalert' command: Alert script returned error code 5., search='sendalert slack results_file="REMOVED" results_link="REMOVED"'
04-04-2018 17:00:03.247 +0000 WARN sendmodalert - action=slack - Alert action script returned error code=5
04-04-2018 17:00:03.245 +0000 FATAL sendmodalert - action=slack STDERR - Invalid webhook URL specified. The URL must use HTTPS.
Any ideas on what may be causing the problem?
Thanks for any help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No this is not compatible on Splunk Cloud (yet)
This version is not yet available for Splunk Cloud.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No this is not compatible on Splunk Cloud (yet)
This version is not yet available for Splunk Cloud.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Confused here..... Splunkbase shows this as compatible and I have had this running successfully on Splunk Cloud for the past year or so. We are currently at v1.0.1, although I notice that Splunkbase shows a v2.0.3 available.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's interesting. I couldn't get v1.0.1 to work at all. I found a workaround, but may do more investigating if it's working for others.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for confirming.
It seems that most of the things that I want to do aren't compatible with Splunk Cloud.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Version 1.1.0 should be cloud compatible.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I assume this is version 1.1.0 of the app?
You could try to increase the logger level for alert actions temporarily to see more information in the logs:
Navigate to "Settings" -> "Server settings" -> "Server logging"
Search for the log channel "sendmodalert"
Select logging level "DEBUG"
NOTE: This will increase cause detailed logs to be produced for all alert actions and might have an
inpact on system performance. It is not recommended to do this on a production system.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, but Splunk Cloud doesn't allow this level of debugging.
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
