Splunk fail for slack with STDERR - Error sending ...

Sreejith007 · ‎06-12-2018

Hello,

I am not able to trigger the alert msg to slack, please find the logs of slack webhook given below taken from splunk. I have also checked for the webhook url in the configuration file location etc/apps/search/local/savedsearches.conf. Please let me know if i am missing anything.

2018-06-12 12:34:19.364 06-12-2018 07:04:19.364 +0000 INFO sendmodalert - Invoking modular alert action=slack for search="test alert sree" sid="rt_scheduler_sreejithsearchRMD5e4fe80a256ec59e3_at_1528787049_47.0" in app="search" owner="sreejith" type="saved"
2018-06-12 12:34:19.441 06-12-2018 07:04:19.441 +0000 ERROR sendmodalert - action=slack STDERR - Error sending message: HTTP Error 404: Not Found
2018-06-12 12:34:19.441 06-12-2018 07:04:19.441 +0000 FATAL sendmodalert - action=slack STDERR - Sending the slack message failed
2018-06-12 12:34:19.445 06-12-2018 07:04:19.445 +0000 INFO sendmodalert - action=slack - Alert action script completed in duration=81 ms with exit code=5
2018-06-12 12:34:19.445 06-12-2018 07:04:19.445 +0000 WARN sendmodalert - action=slack - Alert action script returned error code=5
2018-06-12 12:34:39.507 06-12-2018 07:04:39.507 +0000 INFO sendmodalert - Invoking modular alert action=slack for search="test alert sree" sid="rt_schedulersreejithsearchRMD5e4fe80a256ec59e3_at_1528787049_47.1" in app="search" owner="sreejith" type="saved"
2018-06-12 12:34:39.615 06-12-2018 07:04:39.615 +0000 ERROR sendmodalert - action=slack STDERR - Error sending message: HTTP Error 404: Not Found
2018-06-12 12:34:39.615 06-12-2018 07:04:39.615 +0000 FATAL sendmodalert - action=slack STDERR - Sending the slack message failed
2018-06-12 12:34:39.618 06-12-2018 07:04:39.618 +0000 INFO sendmodalert - action=slack - Alert action script completed in duration=111 ms with exit code=5
2018-06-12 12:34:39.618 06-12-2018 07:04:39.618 +0000 WARN sendmodalert - action=slack - Alert action script returned error code=5
2018-06-12 12:34:59.669 06-12-2018 07:04:59.669 +0000 INFO sendmodalert - Invoking modular alert action=slack for search="test alert sree" sid="rt_schedulersreejithsearch_RMD5e4fe80a256ec59e3_at_1528787049_47.2" in app="search" owner="sreejith" type="saved"

Thanks
Sreejith

Sreejith007 · ‎06-12-2018

Found log from the splunkd.log

06-12-2018 01:08:35.693 +0000 ERROR sendmodalert - action=slack STDERR - Error sending message: HTTP Error 404: Not Found
06-12-2018 01:08:35.693 +0000 FATAL sendmodalert - action=slack STDERR - Sending the slack message failed
06-12-2018 01:08:35.696 +0000 INFO sendmodalert - action=slack - Alert action script completed in duration=122 ms with exit code=5
06-12-2018 01:08:35.696 +0000 WARN sendmodalert - action=slack - Alert action script returned error code=5
06-12-2018 01:08:35.696 +0000 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 5.
06-12-2018 01:08:35.696 +0000 ERROR SearchScheduler - Error in 'sendalert' command: Alert script returned error code 5., search='sendalert slack results_file="/opt/splunk/var/run/splunk/dispatch/rt_scheduler_sreejithsearchRMD5dae64c2766baa64c_at_1528748491_57.923/per_result_alert/tmp_0.csv.gz" results_link="http://ops-splunk-searchhead-1:8000/app/search/search?q=%7Cloadjob%20rt_schedulersreejithsearch_RMD5dae64c2766baa64c_at_1528748491_57.923%20%7C%20head%201%20%7C%20tail%201&earliest=0&latest=now"'

Sreejith007 · ‎06-21-2018

Finally found the solution, on the "Trigger Actions" the channel name given was "@channel" changed to "#channel" and it worked. Closing this issue

Splunk fail for slack with STDERR - Error sending message: HTTP Error 404: Not Found

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!