I have been following this example (https://answers.splunk.com/answers/683820/why-is-the-custom-alert-script-failing-with-sendal.html) and encountered an error in the showconfiguration.py script.
import pprint, json, sys
if __name__ == "__main__":
if len(sys.argv) > 1 and sys.argv[1] = "--execute":
f.open("/tmp/splunktest.txt", "w")
f.write("Here's the info we get from splunk:")
f.write(pprint.pprint(json.loads(sys.stdin.read())))
f.close()
Errors in log:
04-02-2020 07:30:11.193 +0000 WARN sendmodalert - action=showconfiguration - Alert action script returned error code=1
04-02-2020 07:30:11.193 +0000 INFO sendmodalert - action=showconfiguration - Alert action script completed in duration=11 ms with exit code=1
04-02-2020 07:30:11.191 +0000 ERROR sendmodalert - action=showconfiguration STDERR - SyntaxError: invalid syntax
04-02-2020 07:30:11.191 +0000 ERROR sendmodalert - action=showconfiguration STDERR - ^
04-02-2020 07:30:11.191 +0000 ERROR sendmodalert - action=showconfiguration STDERR - if len(sys.argv) > 1 and sys.argv[1] = "--execute":
04-02-2020 07:30:11.191 +0000 ERROR sendmodalert - action=showconfiguration STDERR - File "/opt/splunk/etc/apps/showconfiguration/bin/showconfiguration.py", line 4
host = 6c83f2e55cd4source = /opt/splunk/var/log/splunk/splunkd.logsourcetype = splunkd
There is a syntax error in your python script. Line number 4 should be:
if len(sys.argv) > 1 and sys.argv[1] == "--execute":
It's better to use a python editor/IDE like IDLE or PyCharm to write your code so that you'll identify these errors before deploying to search heads.
There is a syntax error in your python script. Line number 4 should be:
if len(sys.argv) > 1 and sys.argv[1] == "--execute":
It's better to use a python editor/IDE like IDLE or PyCharm to write your code so that you'll identify these errors before deploying to search heads.