I had the Slack Notification Alert app installed in my instance of Splunk Cloud by the support team, as they require. I added the Webhook URL in Setup Slack Alerts.
When I run sendalert manually the message shows up in #mychannel:
search blahblahblah | sendalert slack param.channel="#mychannel" param.message="Found blahblahblah"
I set up a scheduled alert, added Slack as an action, and added #mychannel, but I never get the message and these errors are in splunkd.log (sensitive info removed):
04-04-2018 17:00:03.252 +0000 ERROR SearchScheduler - Error in 'sendalert' command: Alert script returned error code 5., search='sendalert slack results_file="REMOVED" results_link="REMOVED"'
04-04-2018 17:00:03.247 +0000 WARN sendmodalert - action=slack - Alert action script returned error code=5
04-04-2018 17:00:03.245 +0000 FATAL sendmodalert - action=slack STDERR - Invalid webhook URL specified. The URL must use HTTPS.
Any ideas on what may be causing the problem?
Thanks for any help.
... View more