I am working through the Splunk Developers guide v 2 by Kyle Smith aka @alacercogitatus
https://answers.splunk.com/users/3659/alacercogitatus.html

I am having issues getting the custom alerting to work.

In particular the caa_file_write.py file is throwing the following errors in _internal:

06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR -    File "/opt/sdg/splunk/lib/python2.7/json/decoder.py", line 382, in raw_decode
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd

06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR -    File "/opt/sdg/splunk/lib/python2.7/json/decoder.py", line 364, in decode
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd

06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR -    File "/opt/sdg/splunk/lib/python2.7/json/__init__.py", line 339, in loads
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd

06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR -    File "/opt/sdg/splunk/etc/apps/SDG/bin/caa_file_write.py", line 7, in 
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd

The file in question is:

import sys, json, urllib2
def write_file(settings):
        f = open('myfile','w')
        f.write("%s"%json.dumps(settings))
        f.close()
if __name__ == "__main__":
        caa_config = json.loads(sys.stdin.read())
        write_file(caa_config)