All Apps and Add-ons

error STDERR

jmallorquin
Builder

Hi,

We just have installed your app but for some reason the alert that we have configured it doesn't send anything if we configured the alert action Send results as XLS.

We just configured the fields: Recipient / Subject / Filename / Message Body

If we remove the alert action Send result as XLS and configure the standard email with csv, the same alert works perfectly.

In the internal index I can see an error event in JSON format ERROR sendmodalert - action=sendxlsresults_alert STDERR and also I can see the results of the search in this event.

Any idea about what could be the problem?

Thanks in advance

Tags (1)
0 Karma

aojie654
Path Finder

In the Readme.md in app, there is the debug search command:

index=_internal sourcetype=splunkd sendmodalert action=sendxlsresults_alert STDERR | eval logmsg=substr(_raw,89) 
| append [search index=_internal source="/opt/splunk/var/log/splunk/sendxlsresults.log" | eval logmsg=_raw]
| table _time,logmsg | reverse

Then, juct check the message in the results.
After I delete the Chinese characters in previous step, my error message shows me that the following informations:
alt text

That's obvious that I had an error in connection to mail server, but I can send alert via splunk Email sender. Maybe I will spend a few time on it.

0 Karma

aojie654
Path Finder

Hi, splunkers:

I found the python traceback in splunk log via the search command:

index=_internal source!="*access.log" sendemail

2019-04-25 11:20:03,469 ERROR invocation_id=1556162403.44:31954 invocation_type="action" msg="some error occured - stack trace follows" Traceback (most recent call last):
  File "/opt/splunk/etc/apps/sendxlsresults/bin/sendxlsresults_alert.py", line 282, in <module>
    sendemail(recipient, sender, subject, bodyText, argvals, filename)
  File "/opt/splunk/etc/apps/sendxlsresults/bin/sendxlsresults_alert.py", line 152, in sendemail
    part1 = MIMEText(bodyText, 'plain')
  File "/opt/splunk/lib/python2.7/email/mime/text.py", line 30, in __init__
    self.set_payload(_text, _charset)
  File "/opt/splunk/lib/python2.7/email/message.py", line 226, in set_payload
    self.set_charset(charset)
  File "/opt/splunk/lib/python2.7/email/message.py", line 262, in set_charset
    self._payload = self._payload.encode(charset.output_charset)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 6-9: ordinal not in range(128)

In the *sendxlsresults_alert.py* looks as this:

225         print >> sys.stderr, "Settings we received:"
226         print >> sys.stderr, settings
227 
228         print >> sys.stderr, "Arguments we received:"
229         print >> sys.stderr, argvals
230         bodyText           = getarg(settings, "body", "")
231         subject            = getarg(settings, "subject", "")

Then I add the following 2 lines just like this:

225         print >> sys.stderr, "Settings we received:"
226         print >> sys.stderr, settings
227 
228         print >> sys.stderr, "Arguments we received:"
229         print >> sys.stderr, argvals
230         bodyText           = getarg(settings, "body", "")
**231         print >> sys.stderr, "BodyText"**
**232         print >> sys.stderr, bodyText**
233         subject            = getarg(settings, "subject", "")

After this, I used the debug search command in the Readme.me of this app :

index=_internal sourcetype=splunkd sendmodalert action=sendxlsresults_alert STDERR | eval logmsg=substr(_raw,89) 
| append [search index=_internal source="/opt/splunk/var/log/splunk/sendxlsresults.log" | eval logmsg=_raw]
| table _time,logmsg | reverse

I found that the bodyText just be the message I've set in the schedule report page which is "V2ray数量统计" that contains Chinese characters at the position 6-9 in the string.

I think maybe I need to transforms character encoding from ascii to utf-8 in some way.

0 Karma

dfgrtKJH
Path Finder

I receive the same error...

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...