All Apps and Add-ons

Issues executing TSTATS search

Engager

Firstly, awesome app.
I've been able to successfully execute a variety of searches specified in the mappings.json intents file.
I don't seem to be able to execute TSTATS (possibly any generating command with a leading pipe although I haven't tested others)

From the logs:
09-23-2016 21:09:11.282 +1000 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\alexa\bin\alexa.py"" Error performing search : search | tstats count where host=10.20.0.1 by sourcetype , because HTTP 400 --
09-23-2016 21:09:11.282 +1000 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\alexa\bin\alexa.py"" Error in 'tstats' command: This command must be the first command of a search.

JSON:

{
  "intent": "TestIntent",
  "search": "| tstats count where host=10.20.0.1 by sourcetype",
  "time_slot" : "timeperiod",
  "response": "host count for $timeperiod$ was $resultfield_count$

},

Any insights ?
Cheers.

0 Karma
1 Solution

Ultra Champion

OK , latest version 0.6 now supports generating commands such as tstats , metadata etc....

View solution in original post

Engager

Thanks Damien, much appreciated.
Unfortunately when I upgraded it broke my modular input listener 😞
I had specified a custom SSL port so I didn't break our SAML auth redirect on 443.
I got around the Alexa service SSL on port 443 requirement by performing a PAT on the firewall to my custom listener.
I'll use the saved search workaround as suggested.
Cheers.

0 Karma

Ultra Champion

OK , latest version 0.6 now supports generating commands such as tstats , metadata etc....

View solution in original post

Ultra Champion

This will be fixed in a new release this week.
Meanwhile , you can get around this by using a Saved Search action to encapsulate your |tstats search