All Apps and Add-ons

Alert manager apps - List indices must be integers, not str

clementros
Path Finder

Hi,

I'm trying to use the alert manager application, but i can't see errors in alert manager application dashboard.

I did all configuration steps as explain in the documentation (http://docs.alertmanager.info/en/latest/)

When i watch the log file "splunkd.log", i see following errors :

03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -  Traceback (most recent call last): 
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -    File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 402, in <module> 
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert
    - action=alert_manager STDERR -      savedSearch = getSavedSearch(payload.get('app'), search_name, sessionKey) 
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert
    - action=alert_manager STDERR -    File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 328, in getSavedSearch
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert
        - action=alert_manager STDERR -      return savedSearch['entry'][0] 
    03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -  TypeError: list indices must be integers, not str 
    03-26-2019 08:57:37.644 +0100 INFO  sendmodalert
        - action=alert_manager - Alert action script completed in duration=570 ms with exit code=1 
    03-26-2019 08:57:37.645 +0100 WARN  sendmodalert
        - action=alert_manager - Alert action script returned error code=1 
    03-26-2019 08:57:37.645 +0100 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 1. 
    03-26-2019 08:57:37.645 +0100 ERROR SearchScheduler - Error in 'sendalert' command: Alert script returned error code 1., search='sendalert alert_manager results_file="/opt/splunk/var/run/splunk/dispatch/scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12/per_result_alert/tmp_73.csv.gz" results_link="http://192.168.0.10.nip.io:8000/app/Splunk_ML_Toolkit/search?q=%7Cloadjob%20scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12%20%7C%20head%2074%20%7C%20tail%201&earliest=0&latest=now"' 
    03-26-2019 08:57:37.647 +0100 INFO  sendmodalert - Invoking modular alert action=alert_manager for search="9075714df4b64ec3895d4ceacd25a834_1553521216" sid="scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12" in app="Splunk_ML_Toolkit" owner="admin" type="saved"

Any ideas of the root cause ?

1 Solution

sduchene_splunk
Splunk Employee
Splunk Employee

Changing the alert permissions from private to app or global solved my issue

View solution in original post

0 Karma

sduchene_splunk
Splunk Employee
Splunk Employee

Changing the alert permissions from private to app or global solved my issue

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...