All Apps and Add-ons

Alert manager apps - List indices must be integers, not str

Path Finder

Hi,

I'm trying to use the alert manager application, but i can't see errors in alert manager application dashboard.

I did all configuration steps as explain in the documentation (http://docs.alertmanager.info/en/latest/)

When i watch the log file "splunkd.log", i see following errors :

03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -  Traceback (most recent call last): 
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -    File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 402, in <module> 
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert
    - action=alert_manager STDERR -      savedSearch = getSavedSearch(payload.get('app'), search_name, sessionKey) 
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert
    - action=alert_manager STDERR -    File "/opt/splunk/etc/apps/alert_manager/bin/alert_manager.py", line 328, in getSavedSearch
03-26-2019 08:57:37.616 +0100 ERROR sendmodalert
        - action=alert_manager STDERR -      return savedSearch['entry'][0] 
    03-26-2019 08:57:37.616 +0100 ERROR sendmodalert - action=alert_manager STDERR -  TypeError: list indices must be integers, not str 
    03-26-2019 08:57:37.644 +0100 INFO  sendmodalert
        - action=alert_manager - Alert action script completed in duration=570 ms with exit code=1 
    03-26-2019 08:57:37.645 +0100 WARN  sendmodalert
        - action=alert_manager - Alert action script returned error code=1 
    03-26-2019 08:57:37.645 +0100 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 1. 
    03-26-2019 08:57:37.645 +0100 ERROR SearchScheduler - Error in 'sendalert' command: Alert script returned error code 1., search='sendalert alert_manager results_file="/opt/splunk/var/run/splunk/dispatch/scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12/per_result_alert/tmp_73.csv.gz" results_link="http://192.168.0.10.nip.io:8000/app/Splunk_ML_Toolkit/search?q=%7Cloadjob%20scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12%20%7C%20head%2074%20%7C%20tail%201&earliest=0&latest=now"' 
    03-26-2019 08:57:37.647 +0100 INFO  sendmodalert - Invoking modular alert action=alert_manager for search="9075714df4b64ec3895d4ceacd25a834_1553521216" sid="scheduler__admin_U3BsdW5rX01MX1Rvb2xraXQ__RMD527e2ea47a21d59f7_at_1553587020_12" in app="Splunk_ML_Toolkit" owner="admin" type="saved"

Any ideas of the root cause ?

1 Solution

Splunk Employee
Splunk Employee

Changing the alert permissions from private to app or global solved my issue

View solution in original post

0 Karma

Splunk Employee
Splunk Employee

Changing the alert permissions from private to app or global solved my issue

View solution in original post

0 Karma