anyone know why I cant execute filesystem commands in the app builder with python and slack web hooks?
https://splunkbase.splunk.com/app/2962/
user log 1:
2018-03-07 18:34:42,033 ERROR pid=24690 tid=MainThread file=cim_actions.py:message:271 | sendmodaction - signature="Error: 'module' object has no attribute 'process_event'. Please double check spelling and also verify that a compatible version of Splunk_SA_CIM is installed." action_name="test_alert" search_name="test_arf" sid="1520447680.116" rid="0" app="TA-fancydudeapp" user="admin" action_mode="adhoc" action_status="failure"
log 2:
The os
module/method can be used to execute filesystem commands.
Make sure for every gui parameter you have a line in the default alert_actions.conf
[test_alert]
param.process_event =
ok so the add-on builder does not do this for you?
support has me using this
https://splunkbase.splunk.com/app/2962/
I can check the alert_actions.conf
I think ill need to SSH to it and use nano cause I don't recall that ability in the app.
thanks for your recomendation ill try that.
-Jon
Make sure for every gui parameter you have a line in the default alert_actions.conf
[test_alert]
param.process_event =
I tired this :
param.process_event="red_alert"
this is set as the alert action or the app name?
Can you expand on this? I'm encountering the same issue and adding the process_event parameter does nothing..