Alerting

Hipchat alerts app: invalid key in stanza

burwell
SplunkTrust
SplunkTrust

I am following the instructions in http://docs.splunk.com/Documentation/Splunk/6.4.1/AdvancedDev/ModAlertsAdvancedExample using Splunk 6.4.1

I created alert_actions.conf per the documentation and get these errors (changed company name and token value)

Invalid key in stanza [hipchat] in /opt/splunk/etc/apps/hipchat_app/default/alert_actions.conf, line 10: param.base_url    (value:  http://mycompany.hipchat.com/v2).

Invalid key in stanza [hipchat] in /opt/splunk/etc/apps/hipchat_app/default/alert_actions.conf, line 11: param.auth_token  (value:  cyeYO123L5xwzZf2NmEQFD2A1ajm5PQu3O37yIVf).

[hipchat]
is_custom = 1
label = HipChat
description = Send HipChat room notifications
icon_path = hipchat_alert_icon.png
payload_format = json

param.base_url   = https://mycompany.hipchat.com/v2/room/2943772/notification?
param.auth_token = cyeYO123L5xwzZf2NmEQFD2A1ajm5PQu3O37yIVf

If I comment out those two args that are getting errors and then try editing the actions of a saved search
1) I don't see the ability to add a hipchat alert under add actions

2) In manage alert actions I do see the hipchat png .. on this page http://myserver:8000/splunk/en-US/manager/search/alert_actions

So basically I only need the python script and the few other configs, right? I am not sure what is causing the invalid key in stanza error.
I am not using any other Splunkbase apps.

0 Karma
1 Solution

burwell
SplunkTrust
SplunkTrust

I ended up installing this app https://splunkbase.splunk.com/app/2879/ and that worked for me.

The python script was different from that documented in http://docs.splunk.com/Documentation/Splunk/6.4.1/AdvancedDev/ModAlertsAdvancedExample

View solution in original post

burwell
SplunkTrust
SplunkTrust

I ended up installing this app https://splunkbase.splunk.com/app/2879/ and that worked for me.

The python script was different from that documented in http://docs.splunk.com/Documentation/Splunk/6.4.1/AdvancedDev/ModAlertsAdvancedExample

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...