Why receiving error trying to push alerts into Swi...

srikaanth_amrut · ‎04-13-2022

Hello!

I'm trying to push alerts into Swimlane using the swimlane add-on. I've given full global permissions to the saved alert. There are 101 events to push but aren't getting pushed into Swimlane.

Please find logs below -

04-13-202210:50:57.393 +0200ERRORSearchScheduler - Error in 'sendalert' command:Alert script returned error code 1., search='sendalertpush_alerts_to_swimlaneresults_file="/opt/splunk/var/run/splunk/dispatch/scheduler_c3Jpa2FhbnRoLmFtcnV0aGEub3B0aXY_emZfY29ycmVsYXRpb25zX2ZpcmVleWU__RMD58b260abcef59878b_at_1649839800_2808/per_result_alert/tmp_16.csv.gz" results_link="https://mycompanyabcd.com/app/xxx_correlations_fireeye/search?q=%7Cloadjob%20scheduler_c3Jpa2FhbnRoLmFtcnV0aGEub3B0aXY_emZfY29ycmVsYXRpb25zX2ZpcmVleWU__RMD58b260abcef59878b_at_1649839800_2808%20%7C%20head%2017%20%7C%20tail%201&earliest=0&latest=now "'

04-13-202210:50:57.393 +0200WARN sendmodalert - action=push_alerts_to_swimlane- Alert action script returnederrorcode=1

Any advise appreciated. Thanks!

stevenyeoh · ‎08-28-2022

Hi @srikaanth_amrut ,

Good day!

I would be interested to know if you are able to resolve the issue? I am facing the same problem as you too.

Thank you

Anji_splunk · ‎06-24-2022

Hi @srikaanth_amrut ,

Were you able to resolve this issue? Please share the solution, I am facing same issue.

Thank you

Why receiving error trying to push alerts into Swimlane using the Swimlane add-on?

alert action

alert condition

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?