Solved: Re: Can't perform a GET action with this add-on

pwild_splunk · ‎04-28-2020

I'm trying to perform a simple GET action with this add-on but I'm not GETing anywhere.

This is being reported in the logs.

ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 4.

Looking through the code this error reports if the CIM app is not installed. Installing the app makes no difference.

I'm setting these within the alert
Endpoint: http://host.domain.local:5000/command
Query string params: cmd=disarm&master_pin=ABCD
http method: GET

Any suggestions as to what I'm doing wrong?

brendanmacooper · ‎04-28-2020

@pwild_splunk Can you try setting the ingestion index. There was a bug where this option needed to be set even if it wasn't used.

I have a new version for Splunk 8 coming out soon™ that will fix this and a couple of other issues

View solution in original post

brendanmacooper · ‎04-28-2020

@pwild_splunk Can you try setting the ingestion index. There was a bug where this option needed to be set even if it wasn't used.

I have a new version for Splunk 8 coming out soon™ that will fix this and a couple of other issues

pwild_splunk · ‎04-28-2020

Thanks Brendan, I already had the ingestion index set when I was getting that error. However... I put dummy data in every field and that solved the problem. The only field I didn't have data in was "Ingestion safety max size" which I arbitrarily set to 200 (I assume this is bytes???). This solved the problem.
Many thanks!

Can't perform a GET action with this add-on

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!