- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: PagerDuty App for Splunk 1.0: Why am I getting...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PagerDuty App for Splunk 1.0: Why am I getting "Invalid key in stanza ... Did you mean 'param.incident_url'" for alert_actions.conf?
With the PagerDuty App for Splunk 1.0 installed on Splunk 6.4 I see this on Splunk start:
Checking conf files for problems...
Invalid key in stanza [pagerduty] in /opt/splunk/etc/apps/pagerduty_incidents/local/alert_actions.conf, line 3: param.integration_url (value: ).
Invalid key in stanza [pagerduty] in /opt/splunk/etc/apps/pagerduty_incidents/default/alert_actions.conf, line 9: param.incidents_url (value: ).
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
Done
When running btool it prints:
Checking: /opt/splunk/etc/apps/pagerduty_incidents/local/alert_actions.conf
Invalid key in stanza [pagerduty] in /opt/splunk/etc/apps/pagerduty_incidents/local/alert_actions.conf, line 3: param.integration_url (value: ).
Did you mean 'param.incident_url'?
Did you mean 'payload_format'?
Ideas?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In '$SPLUNK_BASE/etc/apps/pagerduty_incidents/local/alert_actions.conf' file -
changing key name from 'param.integration_url' to 'param.incidents_url' (as mentioned in $SPLUNK_BASE/etc/apps/pagerduty_incidents/README/alert_actions.conf.spec) fixed issue.
# File name: $SPLUNK_BASE/etc/apps/pagerduty_incidents/local/alert_actions.conf
[pagerduty]
disabled = 0
param.incident_url = https://events.pagerduty.com/integration/<integration_code>/enqueue
I believe this is something the app developer has to fix in the upcoming release.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
did you create a alert_actions.conf.spec file in the README folder?
[pagerduty]
param.integration_url=<string>
param.incidents_url=<string>
regards,
-thomas
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am having this same issue. What are you referring to thomas?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Take a look here: http://docs.splunk.com/Documentation/Splunk/6.5.3/AdvancedDev/CustomAlertConfig it describes that you need to have a alert_actions.conf file and an alert_actions.conf.spec file
Means take look on the file which is raising the error. Create in the apps README folder the *.spec file with the specification for the values.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I will create both of those files and give it a shot. It seems like the app would handle all of this setup by default. Am i missing something?
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
