Hi Alert Manager Support,
Sorry to bother you again.
I tested it successfully in our Dev env, but when I moved on to the QA env, I got the errors below, which I have never seen before.
11-09-2016 20:18:25.385 +0000 INFO sendmodalert - Invoking modular alert action=alert_manager for search="testtesttesttest" sid="scheduler__admin__xaxis__testtesttesttest_at_1478722680_16" in app="xaxis" owner="admin" type="saved"
11-09-2016 20:18:25.537 +0000 ERROR sendmodalert - action=alert_manager STDERR - Traceback (most recent call last):
11-09-2016 20:18:25.537 +0000 ERROR sendmodalert - action=alert_manager STDERR - File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 363, in
11-09-2016 20:18:25.537 +0000 ERROR sendmodalert - action=alert_manager STDERR - savedSearch = getSavedSearch(payload.get('app'), search_name, sessionKey)
11-09-2016 20:18:25.537 +0000 ERROR sendmodalert - action=alert_manager STDERR - File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 288, in getSavedSearch
11-09-2016 20:18:25.537 +0000 ERROR sendmodalert - action=alert_manager STDERR - savedSearch = getRestData(uri, sessionKey)
11-09-2016 20:18:25.537 +0000 ERROR sendmodalert - action=alert_manager STDERR - File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 263, in getRestData
11-09-2016 20:18:25.538 +0000 ERROR sendmodalert - action=alert_manager STDERR - serverResponse, serverContent = rest.simpleRequest(uri, sessionKey=sessionKey, getargs={'output_mode': 'json'})
11-09-2016 20:18:25.538 +0000 ERROR sendmodalert - action=alert_manager STDERR - File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/__init__.py", line 534, in simpleRequest
11-09-2016 20:18:25.538 +0000 ERROR sendmodalert - action=alert_manager STDERR - raise splunk.ResourceNotFound, uri
11-09-2016 20:18:25.538 +0000 ERROR sendmodalert - action=alert_manager STDERR - splunk.ResourceNotFound: [HTTP 404] https://127.0.0.1:8089/servicesNS/nobody/xaxis/admin/savedsearch/testtesttesttest?output_mode=json
11-09-2016 20:18:25.548 +0000 INFO sendmodalert - action=alert_manager - Alert action script completed in duration=162 ms with exit code=1
11-09-2016 20:18:25.548 +0000 WARN sendmodalert - action=alert_manager - Alert action script returned error code=1
11-09-2016 20:18:25.548 +0000 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 1.
11-09-2016 20:18:25.549 +0000 ERROR SearchScheduler - Error in 'sendalert' command: Alert script returned error code 1., search='sendalert alert_manager results_file="/opt/splunk/var/run/splunk/dispatch/scheduler__admin__xaxis__testtesttesttest_at_1478722680_16/results.csv.gz" results_link="http://tbsplunksearch1.qa1.iad2.xaxis.net:8000/app/xaxis/@go?sid=scheduler__admin__xaxis__testtesttesttest_at_1478722680_16"
Any suggestions? I appreciate it.
PS: my working steps:
On the search head:
1. install alert-manager_214.tgz
2. install TA-alert_manager.tar.gz
3. create index=alerts