Slack alert in Splunk 6.4 or 6.5.5

impurush · ‎12-05-2018

Hello all,

I am getting the below error when I trigger alert from Slack alert app. I tried from Splunk 6.4 and 6.5.5 version also.

FATAL sendmodalert - action=slack STDERR - Unexpected error:

FATAL sendmodalert - action=slack STDERR - Alert action failed
INFO sendmodalert - action=slack - Alert action script completed in duration=127380 ms with exit code=6
WARN sendmodalert - action=slack - Alert action script returned error code=6

impurush · ‎12-06-2018

Hi,

below is my alert set up. I added to trigger mail also to verify the search is working perfectly or not, I am getting the alert mail. And I added incoming webhook configuration to my channel in the slack app. Also, I tried this webhook from my personal Splunk instance and it is working perfectly.

bjoernjensen · ‎12-06-2018

Hey,

Looks like the sendalert script went into some error state: error code=6.

Might be that the way you want to add data lets the script run into a problem (e.g. NULL values, wrong token usage, ...). Can you show us how the alert is being defined?

All the best,
Björn

hijacob · ‎12-06-2018

Hi,

did you use the slack notification alert? https://splunkbase.splunk.com/app/2878/ Maybe you this answer can solve your problem: https://answers.splunk.com/answers/351316/slack-notification-alert-how-can-i-get-the-message-1.html ?

Greetings,
Jacob

impurush · ‎12-06-2018

Hi, I tried the same app and just sending the test message itself not working. Please see the attached screenshot in one my answer below.

Slack alert in Splunk 6.4 or 6.5.5

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases