Alert manager apps - List indices must be integers, not str

clementros
Path Finder

Hi,

I'm trying to use the alert manager application, but I can't see errors in the alert manager application dashboard.

I did all the configuration steps as explained in the documentation (http://docs.alertmanager.info/en/latest/).

When I watch the log file "splunkd.log", I see the following errors:

03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -  Traceback (most recent call last):
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -    File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 402, in <module>
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -      savedSearch = getSavedSearch(payload.get('app'), search_name, sessionKey)
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -    File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 328, in getSavedSearch
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -      return savedSearch['entry'][0]
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -  TypeError: list indices must be integers, not str
03-26-2019 08:57:37.644 +0100 INFO  sendmodalert - action=alert_manager - Alert action script completed in duration=570 ms with exit code=1
03-26-2019 08:57:37.645 +0100 WARN  sendmodalert - action=alert_manager - Alert action script returned error code=1
03-26-2019 08:57:37.645 +0100 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 1.
03-26-2019 08:57:37.645 +0100 ERROR SearchScheduler - Error in 'sendalert' command: Alert script returned error code 1., search='sendalert alert_manager results_file="/opt/splunk/var/run/splunk/dispatch/scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12/per_result_alert/tmp_73.csv.gz" results_link="http://192.168.0.10.nip.io:8000/app/Splunk_ML_Toolkit/search?q=%7Cloadjob%20scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12%20%7C%20head%2074%20%7C%20tail%201&earliest=0&latest=now"'
03-26-2019 08:57:37.647 +0100 INFO  sendmodalert - Invoking modular alert action=alert_manager for search="9075714df4b64ec3895d4ceacd25a834_1553521216" sid="scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12" in app="Splunk_ML_Toolkit" owner="admin" type="saved"

Any ideas about the root cause?

1 Solution

sduchene_splunk
Splunk Employee

Changing the alert permissions from private to app or global solved my issue.

0 Karma
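
An added example (not part of the original thread and not Alert Manager's own code): a Python triage script that regroups the sendmodalert STDERR lines of a splunkd.log excerpt like the one in the question into one record per failed alert action run, so a failing alert action shows up with its final exception and exit code. The sample lines are shortened from the question's log; the function name and record fields are assumptions.

```python
import re
from collections import defaultdict

# Sample lines shortened from the splunkd.log excerpt in the question.
SAMPLE = """\
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -  Traceback (most recent call last):
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -    File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 328, in getSavedSearch
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -      return savedSearch['entry'][0]
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -  TypeError: list indices must be integers, not str
03-26-2019 08:57:37.644 +0100 INFO  sendmodalert - action=alert_manager - Alert action script completed in duration=570 ms with exit code=1
03-26-2019 08:57:37.645 +0100 WARN  sendmodalert - action=alert_manager - Alert action script returned error code=1
"""

# Timestamp, level, then the per-action sendmodalert payload.
LINE = re.compile(r"^(?P<ts>\S+ \S+ \S+)\s+\w+\s+sendmodalert - action=(?P<action>\S+) (?P<rest>.*)$")
EXIT = re.compile(r"completed in duration=(?P<ms>\d+) ms with exit code=(?P<code>\d+)")

def failed_alert_actions(log_text):
    """Return one record per alert action run that exited non-zero.

    Assumes runs of the same action are not interleaved in the log.
    """
    pending = defaultdict(list)  # action -> STDERR lines since its last completion
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a per-action sendmodalert line
        action, rest = m["action"], m["rest"]
        if rest.startswith("STDERR -"):
            text = rest[len("STDERR -"):].strip()
            if text:
                pending[action].append(text)
            continue
        done = EXIT.search(rest)
        if done:
            stderr = pending.pop(action, [])  # clear even on success
            if done["code"] != "0":
                failures.append({
                    "time": m["ts"], "action": action,
                    "exit_code": int(done["code"]), "duration_ms": int(done["ms"]),
                    "error": stderr[-1] if stderr else None,  # last STDERR line
                    "frames": [s for s in stderr if s.startswith("File ")],
                })
    return failures

if __name__ == "__main__":
    for failure in failed_alert_actions(SAMPLE):
        print(failure)
```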
