Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How do I get the custom alert example from the Splunk Developers Guide v 2 to work?

michael_peters
Path Finder
‎06-09-2016 03:48 PM

I am working through the Splunk Developers guide v 2 by Kyle Smith aka @alacercogitatus
https://answers.splunk.com/users/3659/alacercogitatus.html

I am having issues getting the custom alerting to work.

In particular the caa_file_write.py file is throwing the following errors in _internal:

06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR -    File "/opt/sdg/splunk/lib/python2.7/json/decoder.py", line 382, in raw_decode
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd

06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR -    File "/opt/sdg/splunk/lib/python2.7/json/decoder.py", line 364, in decode
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd

06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR -    File "/opt/sdg/splunk/lib/python2.7/json/__init__.py", line 339, in loads
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd

06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR -    File "/opt/sdg/splunk/etc/apps/SDG/bin/caa_file_write.py", line 7, in 
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd

The file in question is:

import sys, json, urllib2
def write_file(settings):
        f = open('myfile','w')
        f.write("%s"%json.dumps(settings))
        f.close()
if __name__ == "__main__":
        caa_config = json.loads(sys.stdin.read())
        write_file(caa_config)
Reply
1 Solution
Solved! Jump to solution
Solution

michael_peters
Path Finder
‎06-22-2016 12:16 PM

I posted the same question on stackexchange.com (http://stackoverflow.com/a/37737994/2871638) and the answer is that the script expects JSON input. This is supposed to take the JSON input from the meh.com API and output JSON.

View solution in original post

Reply
Solved! Jump to solution
Solution

michael_peters
Path Finder
‎06-22-2016 12:16 PM

I posted the same question on stackexchange.com (http://stackoverflow.com/a/37737994/2871638) and the answer is that the script expects JSON input. This is supposed to take the JSON input from the meh.com API and output JSON.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...