https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465636#M8267 <P>You are importing <STRONG>request</STRONG>, it should be <STRONG>requests</STRONG>.</P> Wed, 12 Feb 2020 10:16:51 GMT manjunathmeti 2020-02-12T10:16:51Z https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465632#M8263 <P>Hi all. I am struggling where should I check.</P> <P>I want to make splunk user automatically.<BR /> so, I made this script.</P> <P>test.py</P> <PRE><CODE>import sys import os import request import json def test(): data = { 'name':'username', 'password':'password', 'roles':'user'} response = request.post('https://mng_uri:8089/services/authentication/users', data=data, auth=('admin','passme')) id __name__ == "__main__": test() </CODE></PRE> <P>I can execute this scripts <CODE>python test.py</CODE> in my /home directory,</P> <P>and I can create user.</P> <P>so I made custom alert action.</P> <P>I made an alert and select this custom action, but I can not create user.</P> <P>I have no idea because there are no error in internal log(splunkd.log).</P> <P>where should I check???</P> Wed, 12 Feb 2020 08:55:23 GMT https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465632#M8263 pipipipi 2020-02-12T08:55:23Z https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465633#M8264 <P>Please share configurations created for custom alert action.</P> Wed, 12 Feb 2020 09:20:53 GMT https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465633#M8264 manjunathmeti 2020-02-12T09:20:53Z https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465634#M8265 <P>Thank you for helping me. I use add-on builder. so I did not edit conf files.</P> Wed, 12 Feb 2020 09:24:56 GMT https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465634#M8265 pipipipi 2020-02-12T09:24:56Z https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465635#M8266 <P>Search logs in splunkd.log for your alert action, you can use below query.</P> <PRE><CODE>index=_internal sourcetype=splunkd component=sendmodalert </CODE></PRE> Wed, 12 Feb 2020 10:13:53 GMT https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465635#M8266 harsmarvania57 2020-02-12T10:13:53Z https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465636#M8267 <P>You are importing <STRONG>request</STRONG>, it should be <STRONG>requests</STRONG>.</P> Wed, 12 Feb 2020 10:16:51 GMT https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465636#M8267 manjunathmeti 2020-02-12T10:16:51Z https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465637#M8268 <P>Thank you. but exit code =0.<BR /> I can not understand <CODE>def process_event(helper, *args, **kwargs):</CODE>and <CODE>return0</CODE></P> Thu, 13 Feb 2020 01:14:18 GMT https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465637#M8268 pipipipi 2020-02-13T01:14:18Z https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465638#M8269 <P>Add exception handling in your script and check if any error occurring in the splunkd logs.</P> <PRE><CODE> import sys import os import requests import json def test(): data = { 'name':'username', 'password':'password', 'roles':'user'} response = requests.post('https://mng_uri:8089/services/authentication/users', data=data, auth=('admin','passme')) response.raise_for_status() if __name__ == "__main__": try: test() except Exception as e: print &gt;&gt; sys.stderr, "ERROR Unexpected error: %s" % e sys.exit(1) </CODE></PRE> Thu, 13 Feb 2020 02:49:46 GMT https://community.splunk.com/t5/Alerting/cutom-alert-action-python-script/m-p/465638#M8269 manjunathmeti 2020-02-13T02:49:46Z