Hi,
I'm trying to use the alert manager application, but I can't see errors in the alert manager application dashboard.
I did all the configuration steps as explained in the documentation (http://docs.alertmanager.info/en/latest/).
When I watch the log file "splunkd.log", I see the following errors:
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR - Traceback (most recent call last):
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR - File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 402, in <module>
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR - savedSearch = getSavedSearch(payload.get('app'), search_name, sessionKey)
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR - File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 328, in getSavedSearch
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR - return savedSearch['entry'][0]
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR - TypeError: list indices must be integers, not str
03-26-2019 08:57:37.644 +0100 INFO sendmodalert - action=alert_manager - Alert action script completed in duration=570 ms with exit code=1
03-26-2019 08:57:37.645 +0100 WARN sendmodalert - action=alert_manager - Alert action script returned error code=1
03-26-2019 08:57:37.645 +0100 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 1.
03-26-2019 08:57:37.645 +0100 ERROR SearchScheduler - Error in 'sendalert' command: Alert script returned error code 1., search='sendalert alert_manager results_file="/opt/splunk/var/run/splunk/dispatch/scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12/per_result_alert/tmp_73.csv.gz" results_link="http://192.168.0.10.nip.io:8000/app/Splunk_ML_Toolkit/search?q=%7Cloadjob%20scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12%20%7C%20head%2074%20%7C%20tail%201&earliest=0&latest=now"'
03-26-2019 08:57:37.647 +0100 INFO sendmodalert - Invoking modular alert action=alert_manager for search="9075714df4b64ec3895d4ceacd25a834_1553521216" sid="scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12" in app="Splunk_ML_Toolkit" owner="admin" type="saved"
Any ideas of the root cause?
Changing the alert permissions from private to app or global solved my issue