01-24-2024 10:24:31.312 +0000 WARN sendmodalert [3050674 AlertNotifierWorker-0] - action=slack - Alert action script returned error code=1
01-24-2024 10:24:31.312 +0000 INFO sendmodalert [3050674 AlertNotifierWorker-0] - action=slack - Alert action script completed in duration=96 ms with exit code=1
01-24-2024 10:24:31.304 +0000 FATAL sendmodalert [3050674 AlertNotifierWorker-0] - action=slack STDERR - Alert action failed
01-24-2024 10:24:31.304 +0000 INFO sendmodalert [3050674 AlertNotifierWorker-0] - action=slack STDERR - Slack API responded with HTTP status=200
01-24-2024 10:24:31.304 +0000 INFO sendmodalert [3050674 AlertNotifierWorker-0] - action=slack STDERR - Using configured Slack App OAuth token: xoxb-XXXXXXXX
01-24-2024 10:24:31.304 +0000 INFO sendmodalert [3050674 AlertNotifierWorker-0] - action=slack STDERR - Running python 3
01-24-2024 10:24:31.212 +0000 INFO sendmodalert [3050674 AlertNotifierWorker-0] - Invoking modular alert action=slack for search="Updated Testing Nagasri Alert" sid="scheduler_xxxxx__RMDxxxxxxx" in app="xxxxx" owner="xxxx" type="saved"
I have done the entire setup correctly: created an app with the chat:write scope and added the channel to the app. I got the OAuth token and the webhook link of the channel. But the sendalert is failing with error code 1. And the git "slack-alerts/src/app/README.md at main · splunk/slack-alerts (github.com)" doesn't mention it. Is it an issue on the Splunk end or the Slack end? What would be the fix for it?
Hi there,
Understanding the Error:
Troubleshooting Steps:
Double-Check Configuration:
Examine Script Logs:
Review Alert Action Script:
Upgrade Splunk and Apps:
Consult Splunk Documentation and Community:
Engage Splunk Support:
Additional Tips:
~ If the reply helps, a Karma upvote would be appreciated