All Apps and Add-ons

Alert manager apps - List indices must be integers, not str

clementros
Path Finder

Hi,

I'm trying to use the alert manager application, but i can't see errors in alert manager application dashboard.

I did all configuration steps as explain in the documentation (http://docs.alertmanager.info/en/latest/)

When i watch the log file "splunkd.log", i see following errors :

03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -  Traceback (most recent call last): 
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -    File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 402, in <module> 
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert
    - action=alert_manager STDERR -      savedSearch = getSavedSearch(payload.get('app'), search_name, sessionKey) 
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert
    - action=alert_manager STDERR -    File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 328, in getSavedSearch
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert
        - action=alert_manager STDERR -      return savedSearch['entry'][0] 
    03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -  TypeError: list indices must be integers, not str 
    03-26-2019 08:57:37.644 +0100 INFO  sendmodalert
        - action=alert_manager - Alert action script completed in duration=570 ms with exit code=1 
    03-26-2019 08:57:37.645 +0100 WARN  sendmodalert
        - action=alert_manager - Alert action script returned error code=1 
    03-26-2019 08:57:37.645 +0100 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 1. 
    03-26-2019 08:57:37.645 +0100 ERROR SearchScheduler - Error in 'sendalert' command: Alert script returned error code 1., search='sendalert alert_manager results_file="/opt/splunk/var/run/splunk/dispatch/scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12/per_result_alert/tmp_73.csv.gz" results_link="http://192.168.0.10.nip.io:8000/app/Splunk_ML_Toolkit/search?q=%7Cloadjob%20scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12%20%7C%20head%2074%20%7C%20tail%201&earliest=0&latest=now"' 
    03-26-2019 08:57:37.647 +0100 INFO  sendmodalert - Invoking modular alert action=alert_manager for search="9075714df4b64ec3895d4ceacd25a834_1553521216" sid="scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12" in app="Splunk_ML_Toolkit" owner="admin" type="saved"

Any ideas of the root cause ?

1 Solution

sduchene_splunk
Splunk Employee
Splunk Employee

Changing the alert permissions from private to app or global solved my issue

View solution in original post

0 Karma

sduchene_splunk
Splunk Employee
Splunk Employee

Changing the alert permissions from private to app or global solved my issue

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...