
OpsGenie for Splunk app on a Search Head Cluster

velagicatab
Explorer

We're having some issues getting the OpsGenie for Splunk app working on a Search Head cluster.

We've been able to get it to work on a test instance of Splunk with a single search head but it doesn't work in the cluster. There seem to be a few issues. I can get the API key to be saved successfully in the OpsGenie app, but none of the Splunk alerts are sent. Looking at the logs we can see the below errors:

ERROR sendmodalert - action=opsgenie STDERR -  Unexpected error: Could not get opsgenie credentials from splunk. Error: [HTTP 403] Client is not authorized to perform requested action; /servicesNS/nobody/opsgenie/admin/passwords

WARN  sendmodalert - action=opsgenie - Alert action script returned error code=3

Has anyone been able to get this app to work in a clustered environment? Is there something additional that needs to be done?

0 Karma

Shtark
Explorer

Could it be permissions related? We got the same error message (although not in a clustered environment). Per https://answers.splunk.com/answers/602346/opsgenie-app-trigging-alert-doesnt-work-unless-use.html you need to assign the "list_storage_passwords" capability to the desired user.


velagicatab
Explorer

We were using the admin account which has full permissions. I think it's actually an issue with that version of the 'OpsGenie for Splunk' app. It works on the latest version of that app, 1.1.6, which was released recently.

The functionality on a cluster is still a bit odd: you have to modify your URL to
/en-US/manager/opsgenie/apps/local/opsgenie/setup?action=edit
to be able to access the app setup to enter an API key as the link doesn't appear via the GUI. The users that create the Splunk alerts also need to have the "list_storage_passwords" capability, as you mentioned.

0 Karma