Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

ITSI Custom Alert Action issue

shaan
Engager
‎06-29-2020 02:12 AM

We have created the custom Action in ITSI to POST the Episode data to outside world.

Steps taken for creation of Custom action:

  1. Created App
  2. Created Python Script in Bin Folder of application
  3. Alert_action.conf creation inside the app
  4. Added <AppName> stanza in notable_event_action.conf in ITSI SA-ITOA Folder

After this the Action name is visible in Action drop down menu of ITSI Episode.

Issue:

Whenever we are selecting the custom action it is throwing error.

Action = "AppNme" failed to run. Refer logs for more information.

When we refer the appserver.log it is giving us the below error

Can anyone please help on this, How to deal with this kind of error ? It seems Action itself is not getting called from ITSI what are your views ?

Error log-
=============================================================
Status="Started", FunctionName="actionExecution", actionInternalName="iPaaS"
2020-06-24 17:01:47,601 INFO [appserver] [notable_event_actions] [get_event_ids] [12252] is_group=True. action_name=`iPaaS` received=`[u'90cb2e34-08f4-463b-a395-4ce4a383e198']`

2020-06-24 17:01:47,603 INFO [appserver] [notable_event_actions] [execute_action] [12252] Generated search command=`search `itsi_event_management_group_index
` itsi_group_id="90cb2e34-08f4-463b-a395-4ce4a383e198" | dedup itsi_group_id | fields * | `itsi_notable_event_actions_temp_state_values` | `itsi_notable_group_lookup` | `itsi_notable_event_actions_coalesce_state_values` | sendalert "iPaaS" param.url="https://external_tool.com "` for action=`iPaaS` with earliest_time=None, latest_time=None

2020-06-24 17:01:48,303 ERROR [appserver] [notable_event_actions] [_parse_and_call_execute_action] [12252] Actions (iPaaS) failed to execute on: [u'90cb2e34-
08f4-463b-a395-4ce4a383e198']. Error: search `itsi_event_management_group_index` itsi_group_id="90cb2e34-08f4-463b-a395-4ce4a383e198" | dedup itsi_group_id
| fields * | `itsi_notable_event_actions_temp_state_values` | `itsi_notable_group_lookup` | `itsi_notable_event_actions_coalesce_state_values` | sendalert
"iPaaS" param.url="https://external_tool.com "  search failed. Refer search.log at "/services/search/jobs/1593014507.15717/search.log".

2020-06-24 17:01:48,303 INFO [appserver] [notable_event_actions] [_parse_and_call_execute_action] [12252] actionId="None", actionName="notable_event_action",
Status="Failed", FunctionName="actionExecution
===============================================================

Labels (3)
Labels
Reply

Oliver
Engager
‎07-02-2020 11:28 PM

Can you check Search logs mentioned into the error,  could be permissions on the  app to ensure that they are set to Global or App instead of Private.  Also, could there be some restriction on the user you are accessing Splunk ?

Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...