Error in 'sendalert' command:Alert script returned...

Anji_splunk · ‎06-28-2022

Hi!

We are trying to push alerts into Swimlane using the swimlane add-on. But getting error as below:

06-28-2022 04:45:08.234 -0500 ERROR SearchScheduler [4094 AlertNotifierWorker-0] - Error in 'sendalert' command: Alert script returned error code 1., search='sendalert push_alerts_to_swimlane results_file="/opt/splunk/var/run/splunk/dispatch/scheduler_Xghedjhwqklahd"

06-28-2022 04:45:08.234 -0500 WARN sendmodalert [4094 AlertNotifierWorker-0] - action=push_alerts_to_swimlane - Alert action script returned error code=1

Swimlane App link: https://splunkbase.splunk.com/app/3708/

Any help with this is much appreciated.

Thanks

Anji_splunk · ‎06-28-2022

Hi @jamie00171 ,

Thank you for your quick response. I am not seeing anything other than scheduler error logs.

Thanks,

Anji

jamie00171 · ‎06-28-2022

hi @Anji_splunk

There will most likely be a log file for custom alert action provided by the Swimlane app inside the _internal index.

If you look at:

index=_internal | stats values(source)

You'll be able to see all of the log files and there should be one relating to the swimlane alert action that will most likely contain a more useful error message so might be worth having a look there.

Thanks,

Jamie

Error in 'sendalert' command:Alert script returned error code 1., search='sendalertpush_alerts_to_swimlane

alert action

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector