Re: Slack Add on App

manish_singh_77 · ‎05-19-2020

Hi Folks,

I am getting an error message when trying to send alerts from Splunk to Slack.

Here is an error message:

sendmodalert - action=slack_webhook_alert - Alert action script returned error code=255
ERROR SearchScheduler - Error in 'sendalert' command: Alert script returned error code 255., search='sendalert slack_webhook_alert results_file

Any idea, what must be causing this issue?

rkyadav · ‎05-19-2020

You can check out two option :
1. Check the permissions on your stored credential objects. They must be shared either globally or within the slack_webhook_alert app.
2.checkpointer-from where you are trying to access

manish_singh_77 · ‎05-19-2020

@rkyadav

I did not understand the second point, I also noticed that when configured the new webhook_name alerts are coming but not coming in the set duration.

For instance, if alert has been scheduled to run every 5 mins then in 30 mins, I am getting only 2 alerts.

rkyadav · ‎05-19-2020

Do you have issue with Error code=255 or scheduling an alert ?

Try changing the trigger action to "For each result"

manish_singh_77 · ‎05-19-2020

@rkyadav

I have set the trigger action to once only.

manish_singh_77 · ‎05-19-2020

@rkyadav

We don't have to trigger for each result as it will create unnecessary confusion for the users.

manish_singh_77 · ‎05-19-2020

@rkyadav

I am majorly observing delay in the alerts on Slack channel.

rkyadav · ‎05-20-2020

check out your connectivity , seems like have an issue

rkyadav · ‎05-20-2020

Error 255 : This is usually happens when the remote is down/unavailable; or the remote machine doesn't have ssh installed; or a firewall doesn't allow a connection to be established to the remote host or could be your host key verification failed.

Slack Add on App

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases